A new botnet, which appears to be in a testing phase, has been discovered targeting poorly-protected Internet of Things (IoT) devices to launch distributed denial-of-service (DDoS) attacks. The Chalubo bot is using obfuscation techniques to hide its presence.
  • Attacks first surfaced in late August. One of the assaults targeted a honeypot set up by security researchers. 
  • Chalubo attempted a brute-force attack against the honeypot and also used commands to stop firewall protections and install malicious components. 
  • The bot, which is based on Linux open source code, is characterised by complexity compared to standard Linux bots attacks. 
  • The attackers are using a layered approach to dropping malicious components in order to take over smart devices.

In September another IoT botnet, dubbed Torii, was discovered. Its sophistication is considered to be a level above that of other botnets.
  • Its script is quite sophisticated and it also uses a variety of advanced techniques. 
  • Torii has features designed to siphon sensitive information and a modular architecture to execute other commands. It is also protected with multiple layers of encrypted communication. 
  • As such it appears to have been developed by someone with a good understanding of how botnets operate. 
Interestingly it doesn’t behave like a standard botnet involved in DDoS attacks. Its overall purpose is still a mystery.

What has this go to do me?

With Christmas just around the corner the shops are going to be stacked high with bright shiny smart devices winking at you with come hither glances.

Before you are smitten keep in mind smart devices are also fodder for IoT botnets. So stand back, detach a little and consider asking the following questions before buying a smart device.
  • How is the device secured from internet-based attacks? 
Not all wireless connections in IoT devices are encrypted. Many devices exchange personal or private information with servers on the internet in the clear, completely unencrypted. 
If a device comes with a default password or an open Wi-Fi connection, can the default password be changed to a stronger one? If you can’t change the password how is the device protected from hacking. 
IoT botnets are typically created by exploiting default device credentials. Hackers simply find out what the credentials are and create software that hacks the devices and snares them into a botnet.