| Hajime, Brickerbot, vigilantes (or competitors?) are attacking Mirai botnet | | Authorities have been talking about IoT security standards for years, but in the meantime, some of the same vendors participating in those discussions have continued to ship out insecure devices with the same ol' default passwords. Some crooks have used those blatant vulnerabilities to assemble big IoT botnets, Mirai being the most popular example. But other botnets are currently fighting on Mirai's territory, and we're not sure if they are grey hat acting for our own good, or competitors hiding behind a fake, vigilante posture. | First there is Hajime. Once in control of a target, it blocks several ports used by rival IoT-ware, a perfect annoyance for Mirai. Lacking a module that could be used to launch DDoS, it currently sends a signed message stating "Just a white hat securing some systems. Important messages will be signed like this! Hajime Author. Contact CLOSED. Stay sharp!". According to new estimates it has taken over at least “tens of thousands” of devices, especially in Brazil, Iran, Thailand, the Russian Federation and Turkey. | As regards Brickerbot, it is the first threat of its kind that intentionally bricked IoT and networking devices, by rewriting the flash storage space of affected devices with random data. Such actions rendered troves of devices useless, many needing a firmware reinstall, but as many needing to be replaced altogether. BrickerBot allegedly wiped over two million devices. | The message for all owners of IoT devices is to secure your devices, and for vendors of those devices to pull their fingers out and update firmware. In the case of Mirai and Hajime, simply applying a decent password and username is an excellent start. | | |
|