A form of malware designed to hijack the Busybox software commonly used in Internet of Things (IoT) devices has been released into the wild. The malware has been named 'Mirai' and uses IoT devices to form the botnets necessary to launch DDoS attacks such as that suffered by Brian Krebs and OVH.
The hacker behind the ‘Mirai’ program released the source code on Friday 30th September. The code was revealed on hackforums.net by a user, “Anna-senpai”, who claimed to have been motivated by the increased scrutiny from the security industry.
Mirai is one of at least two malware families that is currently being used to quickly assemble very large IoT based DDoS armies. The other has been christened “Bashlight” and functions similar to Mirai in that it also infects systems via default usernames and passwords on IoT devices. Most IoT malware targets web servers, routers, modems, NAS devices, CCTV and industrial control systems.
https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
Privacy professionals regularly cite IoT devices as being the least secure hardware online. There are issues regarding inadequate processing power,a lack of security standards and protocols as well as the inability to update device firmware. Security cameras have, ironically, been shown to be particularly insecure.
http://arstechnica.com/security/2016/01/how-to-search-the-internet-of-things-for-photos-of-sleeping-babies/
https://securityledger.com/2016/06/security-pros-give-iot-devices-poor-marks/
IoT botnets are set to become more prevalent, firstly because of a growth in the number of IoT devices but also because of an increase in the effectiveness of traditional desktop DDoS protection. The cost of running a desktop initiated botnets has increased as the price of effective anti-DDoS services have dropped. Meanwhile, IoT botnet are inexpensive to maintain.
https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html
Readers have been previously warned as to the potential dangers of a poorly secured IoT. Botnets have expanded in size and are likely to grow in capacity as the number of unsecured internet-connected devices increases. Gartner anticipates that by 2020 there will be close to 21 million IoT devices online – it is likely that they will be plagued by the same inadequate security issues then as now.
Cyber criminals in the near future will launch more powerful DDoS attacks and undoubtedly leverage that power to attack bigger targets and extract more lucrative ransoms.
https://afritechnet.blogspot.com/2016/06/what-is-internet-of-things.html