Advanced Malware Targeting Internet Of Things (IoT) & Routers
Mohit Kumar writes on the March 30, 2016 website, The Hacker News, that “researchers at the security firm ESET have discovered a piece of malware that is targeting embedded devices such as routers, and other connected devices like gateways and wireless access points rather than computers and smartphones. Dubbed KTN-Remastered, or KTN-RM, the malware is a combination of both Tsunami (or Kaiten) as well as Gafgyt.”
“Tsunami,” Mr. Kumar writes, “is a well-known IRC (Internet Relay Chat) bot used by miscreants for launching Distributed Denial of Service (DDoS) attacks, while Gafgyt is used for Telnet scanning. KTN-RM, which researchers dubbed ‘Remaiten,’ features an improved spreading mechanism by carrying downloader executable binaries for embedded platforms and other connected devices.”
How Does The Linux Malware Work?
“The malware performs Telnet scanning to look for routers and smart devices,” Mr. Kumar writes. “Once the connection is made, the malware tries to guess the login credentials in an effort to take over weakly-secured devices. If it successfully logs in, the malware will issue a shell command to download bot executable files for multiple system architectures — before running them on the compromised networking kit.”
“This is a simple, but noisy way of ensuring that the new victim gets infected, because it is likely that one of the binaries is for the current platform,” explained ESET Malware Researcher Michal Malik. “It targets mainly those with weak login credentials.”
“The malware, version 2.0, also has a welcome message for those who might try and neutralize its threat — containing a reference to the Malware Must Die blog. Perhaps it is a way to take revenge, as Malware Must Die has published extensive details about Gafgyt, Tsunami, and other members of this malware family.”
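The credential-guessing stage described above is, as Malik says, noisy, and that noise is what a defender can look for. The following is an added example, not code from the article or from ESET's analysis: it parses a constructed telnetd syslog format (an assumption; embedded devices log differently) and flags any source address that racks up a burst of failed Telnet logins and then logs in successfully.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not from the article or ESET's report);
# real embedded telnetd daemons log differently, so adapt the regex to yours.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ telnetd: (?P<result>login failed|login ok)"
    r" user=(?P<user>\S+) from=(?P<src>[\d.]+)$"
)

def parse_line(line, year=2016):
    # Return a dict for a recognised telnetd auth line, else None.
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "login ok", "user": m["user"], "src": m["src"]}

def detect_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Per source IP: alert when >= threshold failed logins fall inside `window`.
    'compromised' is True if a successful login from that source follows the burst."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_src[ev["src"]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e["ts"] for e in evs if not e["ok"]]
        # Slide over sorted failure times; the first window holding `threshold` failures is a burst.
        for i in range(len(fails) - threshold + 1):
            if fails[i + threshold - 1] - fails[i] <= window:
                success_after = any(e["ok"] and e["ts"] >= fails[i] for e in evs)
                alerts[src] = {"failures": len(fails), "compromised": success_after}
                break
    return alerts

# Constructed sample lines: one guessing burst ending in a successful login, one benign typo.
SAMPLE_LOG = [
    "Mar 30 10:00:01 gw telnetd: login failed user=root from=198.51.100.7",
    "Mar 30 10:00:03 gw telnetd: login failed user=admin from=198.51.100.7",
    "Mar 30 10:00:04 gw telnetd: login failed user=root from=198.51.100.7",
    "Mar 30 10:00:06 gw telnetd: login failed user=admin from=198.51.100.7",
    "Mar 30 10:00:08 gw telnetd: login failed user=root from=198.51.100.7",
    "Mar 30 10:00:09 gw telnetd: login ok user=admin from=198.51.100.7",
    "Mar 30 10:05:00 gw telnetd: login failed user=admin from=192.0.2.10",
    "Mar 30 10:05:30 gw telnetd: login ok user=admin from=192.0.2.10",
]
```

Running `detect_guessing(SAMPLE_LOG)` reports only 198.51.100.7, with `compromised` set, which is the point at which the follow-on binary downloads Kumar describes would be expected on that device.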
The IoT is the mother lode for hackers. As we connect devices in our homes, autos, etc., the more interconnected and network-dependent we are, the more vulnerable or susceptible we are to a catastrophic cyber breach. The IoT is simply too lucrative a target, and irresistible to cyber thieves and others. Having some kind of manual back-up, like a digital generator, is mandatory in order to be able to continue to operate in a degraded or compromised digital environment. The other issue, of course, is that once breached, how do you ever really know that your system is ‘clean?’ The answer, as far as I know, is you don’t. The only sure way would be to change out computers and routers completely, something that is time-consuming, expensive, and aggravating. Having separate systems, separate routers, and stand-alone devices will also mitigate against a catastrophic cyber breach; but this option obviously also comes with a price. But, if you want peace of mind: connecting all of one’s devices to a single router, and/or inter-connecting your house to the IoT, without some kind of digital remediation and recovery plan, is a prescription for disaster. V/R, RCP