
On the heels of severe Distributed Denial of Service (DDoS) attacks, new Internet-of-Things (IoT) powered botnets are emerging. Hundreds of such botnets already exist in the underground hacking ecosystem, where services, code, and specific attacks can be purchased or acquired. New botnets are being developed to meet the growing demand and to circumvent anticipated security controls.

The latest IoT botnet

Linux/IRCTelnet is not based upon the popular Mirai IoT DDoS botnet software, but rather Aidra code. It does however leverage default passwords of IoT devices to gain control. It is just the easiest path at the moment. Attackers will evolve as that door closes, so don’t get too excited and think we can ‘solve’ IoT security with the elimination of default passwords. It is just one chess-move in a long game we are begrudgingly forced to play. Although this Linux bot is still new and small, it could hold potential for more directed attacks and highlights how malware writers are working to differentiate their attack code.
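The default-password foothold described above leaves a recognizable trace on the victim side: a single source walking through a short list of vendor usernames over telnet in a few seconds, often followed by one success. The following is an added example, not code from the article or from any of the botnets it names, that runs simple detection logic over constructed telnet login log lines. The syslog-like line format, the `telnetd` process name, the IP addresses, and the thresholds are all assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not captured from a real device) in an assumed
# syslog-like format that a gateway or honeypot might emit for telnet logins.
SAMPLE_LOG = """\
Nov 01 10:00:01 gw telnetd[311]: login failed for 'root' from 203.0.113.7
Nov 01 10:00:02 gw telnetd[311]: login failed for 'admin' from 203.0.113.7
Nov 01 10:00:02 gw telnetd[311]: login failed for 'root' from 203.0.113.7
Nov 01 10:00:03 gw telnetd[311]: login failed for 'support' from 203.0.113.7
Nov 01 10:00:04 gw telnetd[311]: login failed for 'user' from 203.0.113.7
Nov 01 10:00:05 gw telnetd[311]: login succeeded for 'root' from 203.0.113.7
Nov 01 10:03:00 gw telnetd[311]: login failed for 'alice' from 198.51.100.4
Nov 01 10:04:10 gw telnetd[311]: login succeeded for 'alice' from 198.51.100.4
"""

# Assumed line layout: "<Mon DD HH:MM:SS> <host> telnetd[<pid>]: login <failed|succeeded> for '<user>' from <ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ telnetd\[\d+\]: "
    r"login (?P<result>failed|succeeded) for '(?P<user>[^']+)' from (?P<ip>[\d.]+)$"
)


def parse_events(log_text):
    """Turn raw log text into (timestamp, ip, user, succeeded) tuples; unmatched lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # No year in the timestamp; strptime defaults to 1900, which is fine for deltas.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"], m["result"] == "succeeded"))
    return events


def detect_credential_sweeps(log_text, window_seconds=60, min_failures=4, min_users=3):
    """Flag source IPs that cycle through several usernames in a short window
    (the shape of a default-credential list being tried) and record whether a
    successful login followed the sweep. Returns {ip: summary} for flagged sources."""
    by_ip = defaultdict(list)
    for ev in parse_events(log_text):
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [e for e in evs if not e[3]]
        best_count, best_users = 0, set()
        start = 0
        # Sliding window over failures: find the densest burst within window_seconds.
        for end in range(len(fails)):
            while (fails[end][0] - fails[start][0]).total_seconds() > window_seconds:
                start += 1
            window = fails[start:end + 1]
            users = {e[2] for e in window}
            if (len(window), len(users)) > (best_count, len(best_users)):
                best_count, best_users = len(window), users
        if best_count >= min_failures and len(best_users) >= min_users:
            last_fail = fails[-1][0]
            success_after = any(e[3] and e[0] >= last_fail for e in evs)
            findings[ip] = {
                "failures": best_count,
                "distinct_users": len(best_users),
                "success_after_sweep": success_after,
            }
    return findings


if __name__ == "__main__":
    for ip, summary in detect_credential_sweeps(SAMPLE_LOG).items():
        print(ip, summary)
```

The distinct-username threshold is what separates a credential sweep from a legitimate user mistyping one password a few times; the `success_after_sweep` flag is the case worth paging on, because it means a default credential most likely worked and the device should be treated as compromised rather than merely probed.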

More targets will be explored.

What comes next?

Look for the pros to do the following when they come into this space:

  1. Set up more sophisticated and concealed Command and Control (C2) structures to make it more difficult to track bot-herders or interfere with their control
  2. Implement encrypted communications to the end-nodes to conceal instructions, updates, and new targeting instructions
  3. Begin exploiting OS/RTOS vulnerabilities on higher-end devices to gain more functionality and persistence
  4. Begin siphoning data from IoT devices, which can be valuable for many different purposes, including extending attacks further into homes, businesses, and governments

I predict the next phase of availability attacks will begin right around the time the industry reaches the tipping point in addressing the ‘default’ password weaknesses. Then confidentiality attacks, followed by integrity compromises will come. Brace for a long fight as IoT devices are highly coveted by attackers. This matchup should be exciting as it unfolds!

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Written by

Cybersecurity Strategist and CISO specializing in the evolution of threats, opportunities, and risks in pursuit of optimal security
