IoT botnet strain released, successor to massive malware attack on DYN

As predicted, it appears hackers are building more sophisticated IoT botnets to turn devices into slave components for DDoS attacks.
By Jessica Davis
10:49 AM

A hacker group released a new malware strain into the wild able to override IoT devices for use in DDoS attacks. Linux/IRC Telnet or the 'new Aidra' was discovered by researchers who posted an analysis on an anti-malware site.

The ELF malware has added code and messaging abilities to create additional attack vectors. It is designed for 'brute-force' attacks on the vulnerable code of Linux IoT boxes sent from a CNC malicious IRC server command.

It's similar to strains recently used to hijack IoT devices - like routers and digital cameras - but this new strain is coded with Tsunami/Kaiten protocol and Bashlite to create DDoS attacks via an IRC botnet, researchers said.

Using the leaked IoT credential list from the Mirai botnet (used in the major DYN attack), the strain is CNC encoded to avoid detection. Researchers found the malware can be used to flood servers, aimed from IoT devices via telnet protocol.

[Also: Dyn down: Major East Coast cyberattack brings down Twitter, Netflix, Spotify and others]

Since the Mirai credential list was released, cybercriminals have been focusing their attention on IoT devices and botnets for massive attacks. As IoT devices have such lax security, it's an easy target.

It was just on October 21, that a massive DDoS attack - that stemmed from IoT devices - brought down the DYN server and with it, some of the largest websites like Netflix and Spotify. Security researchers have predicted these attacks will increase.

"We've known for years medical devices aren't secure," said Mac Macmillan, CynergisTek cofounder and CEO. "Hackers have now figured out very effective techniques and developed malware to attack these devices, to commandeer them and group them together to create what essentially becomes a super computer."

[Also: Massive DDoS attack harnesses 145,000 hacked IoT devices]

And the goal? To take down a chosen target with a simple command.

"The overwhelming majority of these attacks take over known vulnerabilities - like forgetting to patch or close a port," Macmillan said. "We just have to do a better job of housekeeping or routine hygiene: making sure we're keeping software up-to-date, hardening those system, making patches, limiting elevated privileges on the network."

"We need to make it more difficult for the bad guys to take advantage of us," he added.

Twitter: @JessieFDavis
Email the writer:

Like Healthcare IT News on Facebook and LinkedIn