{"id":6962,"date":"2017-03-14T04:30:25","date_gmt":"2017-03-14T12:30:25","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/14\/news-753\/"},"modified":"2017-03-14T04:30:25","modified_gmt":"2017-03-14T12:30:25","slug":"news-753","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/03\/14\/news-753\/","title":{"rendered":"Mirai is the hydra of IoT security: Too many heads to cut off"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt3.staticworld.net\/images\/idgnsImport\/2015\/08\/id-2956907-matrix-434036-100606417-medium.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Tue, 14 Mar 2017 04:05:00 -0700<\/strong><\/p>\n<p> Efforts to stop Mirai, a malware found infecting thousands of IoT devices, have become a game of whack-a-mole, with differing opinions over whether hackers or the security community are making any headway. <\/p>\n<p> The malicious code became publicly <a href=\"http:\/\/www.computerworld.com\/article\/3125603\/security\/iot-malware-behind-record-ddos-attack-is-now-available-to-all-hackers.html\" target=\"_blank\">available<\/a> in late September. Since then, it\u2019s been blamed for enslaving IoT devices such as DVRs and internet cameras to launch massive distributed denial-of-service attacks, one of which disrupted internet access across the U.S. in October. <\/p>\n<p> <strong>The good news:<\/strong> Last month, police <a href=\"http:\/\/www.computerworld.com\/article\/3173350\/security\/police-arrest-man-suspected-of-building-million-router-german-botnet.html\" target=\"_blank\">arrested<\/a> one suspected hacker who may have been behind several Mirai-related DDoS attacks. <\/p>\n<p> In addition, internet backbone provider Level 3 Communications has said it&#8217;s made a dent in stopping the Mirai malware. <\/p>\n<p> The malicious code has been found on 500,000 to 600,000 IoT devices at one time or another. 
But the vast majority of those now are \u201cstranded\u201d and no longer under the control of hackers, said Level 3 Chief Security Officer Dale Drew. <\/p>\n<p> That\u2019s because ISPs, including Level 3, are blocking internet access to the servers that hackers are using to control the Mirai-infected devices. <\/p>\n<p> \u201cWe had previously been taking down Mirai C2s (command and control servers) monthly, then weekly,\u201d Drew said in an email. \u201cNow, we\u2019re taking them down every four hours.\u201d <\/p>\n<p> This has left only about 97,000 Mirai-infected devices out on the Internet that can be controlled by malicious parties. That doesn\u2019t mean the malware isn&#8217;t still a threat, Level 3 said. <\/p>\n<p> <strong>The bad news: <\/strong>Hackers are still modifying the Mirai source code to infect new devices. <\/p>\n<p> On Monday, security research group <a href=\"http:\/\/blog.malwaremustdie.org\/\" target=\"_blank\">Malware Must Die<\/a> said it found evidence that Chinese hackers were repurposing Mirai to infect a batch of IoT products, in this case from a Taiwanese vendor. <\/p>\n<p> \u201cThis could have a huge impact,\u201d the research group said in a direct message over Twitter. \u201cChinese hackers who used to make DDoS Linux malware are starting to adapt the Mirai source code.\u201d <\/p>\n<p> A screenshot of the DDoS client from the Chinese hackers. <\/p>\n<p> The Chinese hackers appear to have modified the malicious coding to exploit a known <a href=\"https:\/\/www.search-lab.hu\/advisories\/126-avtech-devices-multiple-vulnerabilities\" target=\"_blank\">vulnerability<\/a> in products from Avtech, a maker of DVRs and internet cameras. <\/p>\n<p> The new strain of Mirai takes advantage of a web scripting bug in the products, triggering them to visit a URL that downloads the hackers\u2019 malware. <\/p>\n<p> There are about 160,000 devices on the internet that could be vulnerable to the attack, Malware Must Die said. 
A security researcher has contacted Avtech about the problem, but it\u2019s unclear if the vendor has issued a patch. <\/p>\n<p> <strong>Lingering dangers:<\/strong> Things could get worse. <\/p>\n<p> Authorities may have arrested one suspected hacker connected with Mirai, but others have been making video tutorials on how to use the source code and uploading them to YouTube. <\/p>\n<p> \u201cIt really is chopping the head off a hydra,\u201d said Bryant Townsend, CEO of Backconnect, in a reference to the mythical many-headed serpent. <\/p>\n<p> Backconnect, a DDoS protection provider, estimates there are about 250,000 to 300,000 IoT devices still infected with Mirai. <\/p>\n<p> The company gave a higher estimate than Level 3 because it\u2019s detected newer strains of Mirai infecting IoT devices using other known exploits, said Marshal Webb, Backconnect\u2019s CTO. <\/p>\n<p> \u201cThat (number) can easily rise into the millions,\u201d he said. For example, it wouldn\u2019t be hard for a hacker to Google known vulnerabilities in IoT devices and then incorporate that information into the Mirai source code, Webb said. <\/p>\n<p> Some existing Mirai strains are also still scanning the internet, looking to infect <a href=\"http:\/\/www.computerworld.com\/article\/3127050\/security\/iot-botnet-highlights-the-dangers-of-default-passwords.html\" target=\"_blank\">vulnerable devices<\/a>. <\/p>\n<p> Johannes Ullrich, a security researcher with the SANS Technology Institute, said on Monday he recently connected his DVR to the internet to see if Mirai would try to infect it. <\/p>\n<p> \u201cWithin 5 minutes, it was compromised,\u201d he said. <\/p>\n<p> Although ISPs like Level 3 are reporting progress against Mirai, Ullrich said the tech industry still hasn\u2019t resolved the root problem that\u2019s been fueling the malware\u2019s growth: insecure IoT products that can be easily hacked. That needs to change. 
<\/p>\n<p> \u201cYou still have all these vulnerable devices out there,\u201d he said. \u201cThe number of patched devices is still fairly minuscule.\u201d <\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3180526\/security\/mirai-is-the-hydra-of-iot-security-too-many-heads-to-cut-off.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt3.staticworld.net\/images\/idgnsImport\/2015\/08\/id-2956907-matrix-434036-100606417-medium.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Tue, 14 Mar 2017 04:05:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p> Efforts to stop Mirai, a malware found infecting thousands of IoT devices, have become a game of whack-a-mole, with differing opinions over whether hackers or the security community are making any headway.<\/p>\n<p> The malicious code became publicly <a href=\"http:\/\/www.computerworld.com\/article\/3125603\/security\/iot-malware-behind-record-ddos-attack-is-now-available-to-all-hackers.html\" target=\"_blank\">available<\/a> in late September. Since then, it\u2019s been blamed for enslaving IoT devices such as DVRs and internet cameras to launch massive distributed denial-of-service attacks, one of which disrupted internet access across the U.S. 
in October.<\/p>\n<p> <strong>The good news:<\/strong> Last month, police <a href=\"http:\/\/www.computerworld.com\/article\/3173350\/security\/police-arrest-man-suspected-of-building-million-router-german-botnet.html\" target=\"_blank\">arrested<\/a> one suspected hacker who may have been behind several Mirai-related DDoS attacks.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3180526\/security\/mirai-is-the-hydra-of-iot-security-too-many-heads-to-cut-off.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[6269,714],"class_list":["post-6962","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-internet-of-things","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6962","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6962"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6962\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6962"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/w
ww.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}