The ill-famed IoT botnet that powered one of the biggest denial-of-service cyberattacks of recent years has taken control of “zombie” devices in over 170 countries, according to news reports.
The 620 Gbps attack on KrebsOnSecurity seems to have been carried out by 145,000 IoT devices infected with the Mirai DDoS Trojan, Brian Krebs said shortly after the attack.
Once the author leaked the code online, researchers started mapping the botnet. A company specializing in fighting DDoS attacks said the devices came from 167 countries, while researcher MalwareTech’s investigation tallied 177 countries.
The botnet was made up mostly of DVRs and surveillance cameras that use default, easy-to-guess credentials, such as “admin” and “123456”, “root” and “password”, or “guest” and “guest”.
Not long ago, Bitdefender warned of the potential to create botnets out of compromised electrical sockets when it discovered an electrical switch vulnerable to remote firmware reflashing.
Using the embedded Telnet service, an attacker, regardless of location, could send commands to stop, start or schedule the device, as well as execute rogue commands, including running malicious firmware to achieve persistence or using the device to attack other computers or devices inside the local network.
“This type of attack enables a malicious party to leverage the vulnerability from anywhere in the world,” said Alexandru Balan, Chief Security Researcher at Bitdefender. “Until now most IoT vulnerabilities could be exploited only near the smart home they were serving. This flaw allows hackers to control devices over the Internet and bypass the limitations of the network address translation. This is a serious vulnerability, and we could see botnets made up of these power outlets.”
Home users looking to protect their IoT devices and home networks from phishing, malware or rogue users should install a home cyber-security solution such as Bitdefender BOX. The Vulnerability Assessment in Bitdefender BOX scans for security vulnerabilities and alerts users whenever it finds weak password authentication or critical exploitable flaws.