In the News

The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed denial-of-service (DDoS) attacks against various online service and targets.
Security researchers have discovered a new malware called Kaji which is targeting IoT devices using SSH brute-force attacks.

Malware is increasingly targeting IoT devices, and it’s little surprise why. Statista estimates there are around 20 billion IoT devices installed today, while IDC predicts 41.6 billion devices generating 79.4 zettabytes of data by 2025.
Just like a traffic jam floods a highway with more cars than it can handle, a DDoS attack floods a website with more requests (i.e. visitors) than the web server or other related systems can handle.
“For consumers and organisations, be aware that devices you own are a likely target for attacks, and most likely today to be added into an existing botnet,”
A 21-year-old Washington man has pleaded guilty to creating botnets that converted hundreds of thousands of routers, cameras, and other Internet-facing devices into money-making denial-of-service fleets that could knock out entire Web hosting companies.
The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default usernames and passwords.
The digital assault surpassed 660 Gbps of traffic, making it one of the largest recorded in history in terms of volume.
480 new malware variants are being reported every minute according to a new report by security firm McAfee.
Security researchers have caught hackers lashing together Internet-connected devices in a botnet they’re calling Torii, which uses techniques not seen in an IoT botnet before—including intercepting and stealing data, and using the Tor Project network to hide its network traffic.
China is aggressively seeking to dominate the Internet of Things and plans to use access to billions of networked electronic devices for intelligence-gathering, sabotage, and business purposes, according to a forthcoming congressional report.
Mirai took advantage of insecure IoT devices in a simple but clever way. It scanned big blocks of the internet for open Telnet ports, then attempted to log in default passwords. In this way, it was able to amass a botnet army.