How the Mirai botnet changed IoT security and DDoS defense
Rapidity Networks researchers discovered a new internet of things worm they called Hajime, which they captured in honeypots set up to study the Mirai malware. Hajime malware has some similarities to Mirai, such as the ability to scan the internet for devices running the Telnet service. How does the Hajime malware spread, and how is it different than the Mirai botnet?
Most types of malware have similarities, but implementation details may differ widely. If different types of malware have similar targets, then it is likely there will be more similarities in the malware.
Internet of things (IoT) devices may be very diverse in functionality, but their IT aspects are very similar, because people want to be able to control or access the devices from their smartphones and computers for many reasons. These IT aspects are a huge component of the security challenge, as using insecure shared libraries and software development environments can result in many of the same security vulnerabilities, such as default accounts with weak passwords.
The Rapidity Networks Security Research Group speculated the Hajime malware would be used like the Mirai botnet in distributed denial-of-service attacks, but only the first two stages of the attack were observed.
Hajime identifies systems to infect by scanning the internet for systems running Telnet on TCP port 23, and then tries to log in with default accounts and passwords. Once logged in, the worm inspects the local system to determine what malware to upload in order to take control of the device. Once Hajime malware takes control of the system, it uses a peer-to-peer connection for the command-and-control infrastructure.
Hajime malware and the Mirai worm have very similar attack patterns, but the Hajime scanning logic appears to be taken from qBot.
Rapidity Networks researchers reported that Hajime started scanning a couple of days before Mirai, uses a different login sequence and uses more advanced methods to determine what malware to run on the target system. Enterprises should be aware that there are two distinct threats, and should plan accordingly to defend against and mitigate them.
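The spreading pattern described above (connections to TCP port 23 across many hosts, followed by logins with default accounts) can be detected in honeypot or network logs. The following Python detection logic is an added example, not code from the article or from Rapidity Networks; the log format, field names, addresses, threshold and credential watchlist are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical honeypot log format (not real data).
SAMPLE_LOG = """\
T1 conn src=198.51.100.7 dst=10.0.0.11 dport=23
T2 conn src=198.51.100.7 dst=10.0.0.12 dport=23
T3 conn src=198.51.100.7 dst=10.0.0.13 dport=23
T4 login src=198.51.100.7 dst=10.0.0.13 user=root pass=root result=fail
T5 login src=198.51.100.7 dst=10.0.0.13 user=admin pass=admin result=ok
T6 conn src=203.0.113.9 dst=10.0.0.11 dport=23
T7 login src=203.0.113.9 dst=10.0.0.11 user=ops pass=Xk3!vQ9z result=ok
T8 conn src=192.0.2.44 dst=10.0.0.11 dport=443
"""

# Placeholder watchlist; in practice use the factory defaults of your own device fleet.
DEFAULT_PAIRS = {("root", "root"), ("admin", "admin")}

def parse_event(line):
    """Return a dict of key=value fields plus 'kind', or None if the line is malformed."""
    parts = line.split()
    if len(parts) < 3 or parts[1] not in ("conn", "login"):
        return None
    ev = dict(kv.split("=", 1) for kv in parts[2:] if "=" in kv)
    ev["kind"] = parts[1]
    return ev if "src" in ev and "dst" in ev else None

def find_telnet_worm_sources(log_text, min_targets=3):
    """Flag sources that fan out over TCP/23 and also try default credentials."""
    targets = defaultdict(set)        # src -> distinct hosts contacted on TCP/23
    default_tries = defaultdict(int)  # src -> logins using a watchlisted pair
    accepted = defaultdict(set)       # src -> hosts that accepted a default login
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["kind"] == "conn" and ev.get("dport") == "23":
            targets[ev["src"]].add(ev["dst"])
        elif ev["kind"] == "login" and (ev.get("user"), ev.get("pass")) in DEFAULT_PAIRS:
            default_tries[ev["src"]] += 1
            if ev.get("result") == "ok":
                accepted[ev["src"]].add(ev["dst"])
    return {
        src: {"telnet_targets": len(hosts),
              "default_attempts": default_tries[src],
              "devices_to_isolate": sorted(accepted[src])}
        for src, hosts in targets.items()
        if len(hosts) >= min_targets and default_tries[src] > 0
    }
```

Hosts listed under `devices_to_isolate` accepted a default login and are the ones to take off the network, reset and reconfigure with Telnet disabled and unique credentials.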