Menu
Over 100 DDoS botnets built using Linux malware for embedded devices

Over 100 DDoS botnets built using Linux malware for embedded devices

Default and hard-coded credentials have led to the compromise of thousands of Internet-of-Things devices

LizardStresser, the DDoS malware for Linux systems written by the infamous Lizard Squad attacker group, was used over the past year to create over 100 botnets, some built almost exclusively from compromised Internet-of-Things devices.

LizardStresser has two components: A client that runs on hacked Linux-based machines and a server used by attackers to control the clients. It can launch several types of distributed denial-of-service (DDoS) attacks, execute shell commands and propagate to other systems over the telnet protocol by trying default or hard-coded credentials.

The code for LizardStresser was published online in early 2015, giving less-skilled attackers an easy way to build new DDoS botnets of their own. The number of unique LizardStresser command-and-control servers has steadily increased since then, especially this year, reaching over 100 by June, according to researchers from DDoS mitigation provider Arbor Networks.

The DDoS bot is very versatile, with versions for the x86 CPU architecture as well as ARM and MIPS, which are commonly used on embedded device.

IoT devices are perfect for DDoS bots, because they run some familiar variant of Linux, have limited resources so they don't have malware detection or advanced security features and, when they're connected directly to the Internet, they're typically not subjected to bandwidth limitations or firewall filtering.

The reuse of software and hardware components is very common in the IoT world as it simplifies and lowers the cost of development. Because of this, default credentials that were used to initially manage one device may later make their way into entirely different classes of devices, the Arbor Networks researchers said in a blog post.

IoT botnets can be very powerful. Arbor Networks investigated two of them that were used to launch attacks against banks, telecommunications companies and government organizations from Brazil, as well as three gaming companies from the U.S.

One of the attacks peaked at over 400Gbps and 90 percent of the hosts from which  the malicious traffic originated responded over HTTP with a Web-based interface called NETSurveillance WEB.

"Doing some more research, the NETSurveillance WEB interface appears to be generic code used by a variety of Internet-accessible webcams," the Arbor Networks researchers said. "A default password for the root user is available online, and telnet is enabled by default."

This is not the first time that IoT botnets have been used to launch DDoS attacks. Researchers from Web security firm Sucuri just recently reported DDoS attacks launched from a botnet of over 25,000 CCTV cameras and digital video recorders.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments