Details have come out following security researchers finding another strain of malware ‘especially built’ to infect smart IoT devices & Linux-based servers.
Malware that’s called Kaiji has been abusing systems in order to launch DDoS attacks, & is very different from other IoT malware strains, discovered researchers at Intezer Labs.
Kaiji, which is written in the Go programming language, rather than C or C++, which are the 2 languages in which most IoT malware has been coded in more recently.
Boris Cipot, Senior Security Engineer at Synopsys, explained that Kaiji spreads by 1st finding exposed SSH ports on IoT devices and Linux Servers on the internet before it then tries to gain root access to those devices with brute force.
“Once Kaiji has root access on the device, it will start spreading to other devices,” Cipot observed.
“It will also collect all SSH keys of other devices that are managed, or were managed, by this root user and infect them as well. Kaiji is then manipulated to perform DDoS (Distributed Denial of Service) attacks on the issuer’s targets.
“While Kaiji is already a highly developed malware, it continues to evolve. Therefore, there is no saying what this malware could do next.”
Kaiji & other similar types of malware do very well off the recklessness & lack of security knowledge among some IoT manufacturers, Cipot further observed.
Many devices that are commonly available have “misconfigured security settings, exposed communication ports” with even hardcoded or pre-set usernames and passwords, while many backend servers are hackable, he added.
“All this then puts the IoT users firmly at risk. The users trust the manufacturer to ensure that devices are secure & safe to use.
“They trust that their devices are protecting their privacy. However, many users often do not understand what the threat is. Therefore, they unknowingly leave settings on that expose them to a cyber-attack.”
Adam Palmer, Chief Cyber-Security Strategist at Tenable added that the malware could ‘potentially ‘create an ‘army’ of IoT devices.
Palmer said: “Attackers are looking to harness cheap computational power, whether it’s to launch DDoS attacks or mine for Bitcoin as is often the case. With IoT devices in the sights of criminals, it is imperative that the flaws exploited by criminals are identified by the device manufacturers.
“Where possible, updates should be pushed to patch flaws and prevent this unwilling army of IoT rising up and doing their attackers bidding.”
He commented that there were instances known of IoT devices recruited into botnets & then used to launch DDoS attacks & referred to the ‘Mirai Botnet’ in 2016, that saw big sectors of the internet pushed offline.
“One concern in these cases is that it may be especially difficult to determine if a device has been affected,” he warned.
A member of the public might not monitor device activity to identify increased traffic, recognise an impact in the device’s performance, or experience reduced battery life, Palmer concluded.
Not the best of news then, but certainly something to take on board.