A nasty piece of source code has been made public which has the potential to capture unsecured electronics connected to the internet of things (IOT), and wreck havoc online.
The source code is for a piece of malware known as Mirai and it was cyber security blogger Brian Krebs who discovered it had been put up on a hacking forum.
The malware scans the IOT looking for unprotected CCTV cameras, printers, routers and other tech connected to the internet. As is often the case, folks don’t change the factory default passwords on these electronics making them easier to infect.
These “bots” report to a central control server where they can be used to launch an attack – in this case a distributed denial of service (DDoS) attack.
Many bots make light work
You might be wondering how big a problem this could really be.
“With Mirai, I usually pull max 380k bots from telnet alone,” wrote Anna_senpai, the hacker who posted the source code online. With that sort of power, it becomes trivial to launch a massive DDoS attack.
Last month Krebs found his website, Krebs on Security, on the receiving end of such a botnet DDoS attack which was flood with malicious traffic at a rate of 620Gbps.
There is thankfully some good news. For one, IOT electronics often use volatile memory which means a quick reboot will wrest control from an attackers hands.
However, Krebs reports that some cyber security experts say this is a temporary fix. Owing to the frequency at which malware like Mirai scans for IOT devices, an infection can happen again in a matter of moments.
The best bet is to change the password. That makes it harder for hackers to capture your electronics and use them to do their bidding.
Internet service providers are also cottoning on to this herding of the internet of things according to Anna_senpai. “After the Kreb DDoS, ISPs have been slowly shutting down [connections] and cleaning up their act. Today max pull is about 300k bots, and dropping,” wrote the forum user.
We’re not out of the woods yet however, this is just one piece of malware and as IOT grows to the projected 50 devices by 2020, it has the potential to get worse as cyber criminals get more crafty.
And now that Mirai is out in the wild, now might be a good time to change the passwords on everything you own, just in case.[Via – Krebs On Security]