
Another IoT botnet with pieces of Mirai embedded can do DDoS from 100k devices

by iotadmin
August 28, 2019
in Security

Bot-herding software called Persirai, which incorporates pieces of the Mirai botnet code, can commandeer significant chunks of a known 150,000 IP cameras that are vulnerable to Mirai and use them to fire off distributed denial-of-service attacks.

The Persirai botnet has attacked at least four targets, starting in a predictable pattern, according to researchers at Trend Micro.

Persirai takes advantage of a known vulnerability in the cameras to infect them, has them download malware from a command and control server, and then puts them to work either infecting other vulnerable cameras or launching DDoS attacks. “Based on the researchers’ observation, once the victim’s IP Camera received C&C commands, which occurs every 24 hours at 12:00 p.m. UTC, the DDoS attacks start,” the researchers say.
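An added example (not from the article or the researchers) of how a defender could look in flow logs for the check-in timing described above: cameras contacting the same outside address close to 12:00 UTC on several days. The camera subnet, log layout, thresholds and every address below are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumptions for this example (none come from the article):
CAMERA_NET = ip_network("10.20.0.0/24")   # VLAN holding the IP cameras
INTERNAL = ip_network("10.0.0.0/8")       # all on-site address space
WINDOW_MIN = 10   # minutes either side of 12:00 UTC
MIN_DAYS = 3      # distinct days before a pair is reported

# Constructed flow records: "UTC-timestamp src dst proto dport"
SAMPLE_FLOWS = """\
2017-05-08T12:00:03Z 10.20.0.15 203.0.113.7 udp 40000
2017-05-09T12:00:05Z 10.20.0.15 203.0.113.7 udp 40000
2017-05-10T11:59:58Z 10.20.0.15 203.0.113.7 udp 40000
2017-05-08T12:00:01Z 10.20.0.15 10.0.0.5 tcp 554
2017-05-09T12:00:01Z 10.20.0.15 10.0.0.5 tcp 554
2017-05-10T12:00:01Z 10.20.0.15 10.0.0.5 tcp 554
2017-05-08T12:01:10Z 10.20.0.22 198.51.100.9 tcp 80
2017-05-09T03:15:40Z 10.20.0.22 198.51.100.9 tcp 80
2017-05-08T04:00:00Z 10.20.0.31 198.51.100.50 udp 123
2017-05-09T16:30:00Z 10.20.0.31 198.51.100.50 udp 123
2017-05-10T23:10:00Z 10.20.0.31 198.51.100.50 udp 123
2017-05-08T12:00:02Z 10.30.0.4 203.0.113.7 tcp 443
malformed line
"""

def near_noon_utc(t, window=WINDOW_MIN):
    """True when t falls within `window` minutes of 12:00 UTC."""
    return abs((t.hour * 60 + t.minute) - 720) <= window

def find_noon_beacons(text, min_days=MIN_DAYS):
    """Return (camera, external_dst) pairs seen near 12:00 UTC on >= min_days days."""
    days = defaultdict(set)   # (src, dst) -> set of UTC dates
    for line in text.splitlines():
        parts = line.split()
        try:
            t = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
            src, dst = ip_address(parts[1]), ip_address(parts[2])
        except (IndexError, ValueError):
            continue  # skip malformed or empty records
        if src in CAMERA_NET and dst not in INTERNAL and near_noon_utc(t):
            days[(str(src), str(dst))].add(t.date())
    return sorted(p for p, seen in days.items() if len(seen) >= min_days)

if __name__ == "__main__":
    for cam, dst in find_noon_beacons(SAMPLE_FLOWS):
        print(f"{cam} contacted {dst} near 12:00 UTC on {MIN_DAYS}+ days")
```

A hit is a lead for investigation rather than proof of infection; cameras that legitimately phone home at a fixed hour will match as well.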

They say they have identified at least four victims of the DDoS attacks, but can’t disclose who they are.

Once the malware has been downloaded, it runs in memory and deletes itself from the hard drive, Trend says, so if the devices reboot, they are rid of the infection. As a result, attackers are constantly searching for and reinfecting cameras.

More than 1,000 individual camera models made by multiple manufacturers are vulnerable to the attack, Trend says. “At the time of the initial discovery, around the first and second week of April, about 150,000 cameras were in use by the botnets,” the researchers say. “However, the latest results show around 99,000 as of May 10.” IoT search engine Shodan identifies about 120,000 cameras as vulnerable.

Here’s a possible hint at who wrote Persirai, according to Trend: “C&C servers we discovered were found to be using the .IR country code. This specific country code is managed by an Iranian research institute which restricts it to Iranians only. We also found some special Persian characters which the malware author used.”

How Persirai gets into the cameras is spelled out by independent researcher Pierre Kim. “The ‘Cloud’ protocol establishes clear-text UDP tunnels (in order to bypass NAT and firewalls) between an attacker and cameras by using only the serial number of the targeted camera. Then, the attacker can automatically bruteforce the credentials of cameras,” he writes.

Kim says the vulnerability exists in 1,250 camera models that are all based on hardware OEMed to the various brands that sell them. “So, cameras are sold under different names, brands and functions,” Kim writes. “The HTTP interface is different for each vendor but shares the same vulnerabilities. The OEM vendors used a custom version of GoAhead [embedded Web server] and added vulnerable code inside.”

AlienVault reports that Persirai incorporates some Mirai code. “This botnet borrows partial code such as port scanning module from the Mirai, but it is completely different from Mirai in terms of infect chain, C2 communication protocol, attack module and so on. Although the binary names have Mirai mentioned it is probably not wise to treat it just as a Mirai variant,” AlienVault says.

Kim has this recommendation: “I advise to IMMEDIATELY DISCONNECT cameras to the Internet.”


© 2019-20 iotillinois.com.
