Thursday, 8 September 2016

A botnet with IOT devices discovered !!

Soon after the public disclosure of the Shellshock bug, researchers had detected BASHLITE malware. This BASHLITE malware includes code from Shellshock exploit and it was used in the wild to run DDOS attacks. It had the ability to infect multiple Linux architectures, hence, attackers used it to target IoT devices.

Recently, researchers from Sucuri discovered a botnet composed of millions of CCTV devices used to launch DDoS attacks against websites. It was observed that the BASHLITE source code leaked in 2015 was used by malware developers to create their own variant.

This botnet includes :
95% - Digital Video Recorders (DVRs) or cameras
4%  - Routers
1%  - Linux servers

This helps to conclude that the composition of attacks through IoT devices has drastically increased compared to DDoS through compromised servers and home-based routers. A large percentage were found to be located in Taiwan, Brazil and Colombia. Bots were using white-labeled DVRs described as “H.264 DVRs” manufactured by Dahua Technology.

No comments: