Blog

Blog


Company news and updates


  • Posts
  • IoT Malware: Don’t Let Bots Brick Your Future

IoT Malware: Don’t Let Bots Brick Your Future



In our last post, we have shown how important it is to put the digitization of your device into the hands of experts. When things are made smart by laymen, they often end up undersecured. Especially in the world of IoT, devices with low security are easy prey for malware, such as the Mirai Bot and the BrickerBot.


Mirai Bot vs. Deutsche Telekom


Mirai (Japanese for future) is a Linux based malware. It identifies vulnerable IoT devices based on Linux by scanning their IP addresses and turns them into bots. In doing so, it primarily targets remotely accessible devices with low security, such as routers protected only by default usernames and passwords. These devices are at an especially high risk due to Mirai’s use of dictionary attacks, i.e. attacks where the malware tries out possible login credentials based on words in common dictionaries.


The infected bots then form a botnet used to launch large-scale DDoS (distributed denial of service) attacks. Since Mirai’s source code was leaked in late September 2016, the malware has been found to have infected roughly 2.5 million devices all around the globe. MacAfee1 estimates that every minute five IP addresses are infected by the Mirai botnet. What is more, the publication of the source code has allowed hackers to create new Mirai variants with enhanced features.


Infected devices spotted by the Mirai botnet online tracker2


First spotted in August 2015, Mirai made the news in September 2016 with the DDoS attack against renowned computer security journalist Brian Krebs. Later that year, the Mirai botnet was also employed for three DDoS attacks against the US Internet performance management company Dyn, resulting in the temporary shutdown of major services such as Amazon, Paypal, Twitter, Visa, and many more.


On 27 November 2016, the renowned German telecommunications company Deutsche Telekom, too, fell victim to a Mirai attack. When a British hacker used the massive Mirai botnet to launch a DDoS attack against the website of Liberian telecommunications provider Lonestar Cell, Deutsche Telekom was allegedly nothing but collateral damage. Nonetheless, the results were devastating. Alongside the widespread shutdowns in Britain, roughly one million DSL routers went dead. The majority of the infected routers were devices by Deutsche Telekom.


Even though the hacker - or rather one of the hackers - could be identified and has admitted his crimes in July 2017, the attack proved disastrous for Deutsche Telekom. The original plan of the hackers was to integrate the routers into the botnet and offer the botnet for rent as a basis for further attacks. While this plan failed in the case of the Deutsche Telekom routers due to a mistake in copying the Mirai malware code, the routers did stop reacting to any commands. More than 1.2 million clients, among them private accounts as well as government institutions, were not able to use the Internet or telephone services. It took several days until all disturbances were remedied, resulting in a total loss of more than EUR 2 million for Deutsche Telekom.


Nice Guy BrickerBot?


Like Mirai, the BrickerBot is a Linux based malware that targets IoT devices. It performs so-called PDoS (permanent denial of service) attacks, which means it completely shuts down the infected hardware. The alleged goal of the several generations of the BrickerBot is to identify undersecured IoT devices that could potentially fall victim to Mirai based DDoS attacks. It then ‘bricks’ the device in question to keep it from becoming part of the Mirai botnet, i.e. it deletes its data, corrupts its memory, or disconnects it from the Internet.


Geographic distribution of devices used by BrickerBot.2 to perform attacks3


Protecting IoT devices from the Mirai botnet might appear like a ‘friendly’ intervention at first sight. However, the ‘bricking’ process often renders the devices useless or necessitates expensive remedies. So far, the identity of the BrickerBot attacker(s) is unclear. However, a hacker using a pseudonym to cover her/his identity has stated that s/he has caused more than 2 million IoT devices to shut down between January and April 2017.


Be Smart … and Be Safe


The Mirai botnet and the BrickerBot are only two examples of IoT malware attacking undersecured hardware. If you decide to enter the world of IoT and make your device smart, security should always have top priority. guh is a young and innovative company with an international team of top-notch software architects. The small size of our enterprise allows us to develop the perfect solution to make your product not only smart, but also secure. Please feel free to contact us for a non-binding first talk.


1 https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2017.pdf

2 http://resources.infosecinstitute.com/the-mirai-botnet-a-milestone-in-the-threat-landscape/

3 https://security.radware.com/d...


Let’s build something great together!


Contact us