Menu
Over 100 DDoS botnets built using Linux malware for embedded devices

Over 100 DDoS botnets built using Linux malware for embedded devices

Default and hard-coded credentials have led to the compromise of thousands of Internet-of-Things devices

LizardStresser, the DDoS malware for Linux systems written by the infamous Lizard Squad attacker group, was used over the past year to create over 100 botnets, some built almost exclusively from compromised Internet-of-Things devices.

LizardStresser has two components: A client that runs on hacked Linux-based machines and a server used by attackers to control the clients. It can launch several types of distributed denial-of-service (DDoS) attacks, execute shell commands and propagate to other systems over the telnet protocol by trying default or hard-coded credentials.

The code for LizardStresser was published online in early 2015, giving less-skilled attackers an easy way to build new DDoS botnets of their own. The number of unique LizardStresser command-and-control servers has steadily increased since then, especially this year, reaching over 100 by June, according to researchers from DDoS mitigation provider Arbor Networks.

The DDoS bot is very versatile, with versions for the x86 CPU architecture as well as ARM and MIPS, which are commonly used on embedded device.

IoT devices are perfect for DDoS bots, because they run some familiar variant of Linux, have limited resources so they don't have malware detection or advanced security features and, when they're connected directly to the Internet, they're typically not subjected to bandwidth limitations or firewall filtering.

The reuse of software and hardware components is very common in the IoT world as it simplifies and lowers the cost of development. Because of this, default credentials that were used to initially manage one device may later make their way into entirely different classes of devices, the Arbor Networks researchers said in a blog post.

IoT botnets can be very powerful. Arbor Networks investigated two of them that were used to launch attacks against banks, telecommunications companies and government organizations from Brazil, as well as three gaming companies from the U.S.

One of the attacks peaked at over 400Gbps and 90 percent of the hosts from which  the malicious traffic originated responded over HTTP with a Web-based interface called NETSurveillance WEB.

"Doing some more research, the NETSurveillance WEB interface appears to be generic code used by a variety of Internet-accessible webcams," the Arbor Networks researchers said. "A default password for the root user is available online, and telnet is enabled by default."

This is not the first time that IoT botnets have been used to launch DDoS attacks. Researchers from Web security firm Sucuri just recently reported DDoS attacks launched from a botnet of over 25,000 CCTV cameras and digital video recorders.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments