Menu
Over 100 DDoS botnets built using Linux malware for embedded devices

Over 100 DDoS botnets built using Linux malware for embedded devices

Default and hard-coded credentials have led to the compromise of thousands of Internet-of-Things devices

LizardStresser, the DDoS malware for Linux systems written by the infamous Lizard Squad attacker group, was used over the past year to create over 100 botnets, some built almost exclusively from compromised Internet-of-Things devices.

LizardStresser has two components: A client that runs on hacked Linux-based machines and a server used by attackers to control the clients. It can launch several types of distributed denial-of-service (DDoS) attacks, execute shell commands and propagate to other systems over the telnet protocol by trying default or hard-coded credentials.

The code for LizardStresser was published online in early 2015, giving less-skilled attackers an easy way to build new DDoS botnets of their own. The number of unique LizardStresser command-and-control servers has steadily increased since then, especially this year, reaching over 100 by June, according to researchers from DDoS mitigation provider Arbor Networks.

The DDoS bot is very versatile, with versions for the x86 CPU architecture as well as ARM and MIPS, which are commonly used on embedded device.

IoT devices are perfect for DDoS bots, because they run some familiar variant of Linux, have limited resources so they don't have malware detection or advanced security features and, when they're connected directly to the Internet, they're typically not subjected to bandwidth limitations or firewall filtering.

The reuse of software and hardware components is very common in the IoT world as it simplifies and lowers the cost of development. Because of this, default credentials that were used to initially manage one device may later make their way into entirely different classes of devices, the Arbor Networks researchers said in a blog post.

IoT botnets can be very powerful. Arbor Networks investigated two of them that were used to launch attacks against banks, telecommunications companies and government organizations from Brazil, as well as three gaming companies from the U.S.

One of the attacks peaked at over 400Gbps and 90 percent of the hosts from which  the malicious traffic originated responded over HTTP with a Web-based interface called NETSurveillance WEB.

"Doing some more research, the NETSurveillance WEB interface appears to be generic code used by a variety of Internet-accessible webcams," the Arbor Networks researchers said. "A default password for the root user is available online, and telnet is enabled by default."

This is not the first time that IoT botnets have been used to launch DDoS attacks. Researchers from Web security firm Sucuri just recently reported DDoS attacks launched from a botnet of over 25,000 CCTV cameras and digital video recorders.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments