CyberWisdom Safe Harbor Commentary:
A story from darkreading.com that is likely to be overlooked reports that Satori botnet malware can now infect more IoT devices: the latest version targets systems running ARC processors.
Arbor Networks, a DDoS attack mitigation vendor, said in an advisory this week that the latest variant of Satori is the fourth since the malware was first introduced in December 2017 and appears to be the first to target the ARC chipset.
The ARC processor is a 32-bit high-efficiency CPU widely used in automotive, industrial and Internet of Things applications. Every year, more than 1.5 billion embedded systems with ARC cores are shipped, including electronic steering control and infotainment systems for cars, personal fitness bands, digital TV set-top boxes, and smart thermostats.
Like the other Satori variants, the latest also uses the Mirai codebase. Mirai identifies vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords and logs into them to infect them with the Mirai malware. Like Mirai, the new variant is designed to spread via credential scanning, which means that the malware may potentially infect any ARC device with default and easily guessable telnet usernames and passwords. The Satori variants are specific to Huawei routers.
Peter Arzamendi, a security researcher at the Arbor Safety Engineering and Response Team at NETSCOUT, said it’s hard to tell which particular ARC-based devices Satori’s authors are looking for because of the large installed base of systems.
However, “botnets for new and new IoT devices are the new norm,” he said. “With the proliferation of the Internet of Things and BYOD, organizations will need to understand how to defend these devices and be able to react when they are attacked.”
With support for the ARC processor added, Satori variants can target a variety of systems, including those based on Intel, ARM, MIPS, PPC, and SuperH processor architectures. The variants differ slightly in targeting and function.
Arzamendi said building malware for a new processor architecture like ARC is not too difficult, requiring only a compiler that supports the architecture and some open source tools to help port the code.
He said: “The Internet of Things (botnet) relies on the compromise of as many devices as possible, and threat actors will reduce competition by focusing on new, non-targeted devices.”
According to Arbor, DDoS-capable malware is now available for a wider range of Internet-connected devices than when Mirai first appeared at the end of 2016, and network operators need to review their defensive tactics.
Arbor said that in addition to preventing DDoS attacks, organizations also need to ensure that their IoT networks and devices are not used for DDoS attacks. In the advisory, the security vendor said: “Incidental damage due to scanning and outbound DDoS attacks can be compromised if network infrastructure and operational best practices are not actively implemented.”
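To illustrate the point about making sure an organization's own devices are not the ones scanning, here is an added example (not from Arbor or the original article) that flags hosts in an IoT segment whose outbound telnet flows look like Mirai-style credential scanning. The segment address, thresholds and flow records are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

TELNET_PORTS = {23, 2323}                 # telnet, plus the alternate port Mirai-style scanners also probe
IOT_SEGMENT = ip_network("10.20.0.0/24")  # hypothetical IoT VLAN
MIN_TARGETS = 5                           # hypothetical threshold: distinct external hosts
MIN_UNANSWERED = 0.8                      # hypothetical threshold: share of attempts with no reply

# Constructed flow records: (src_ip, dst_ip, dst_port, answered)
FLOWS = (
    # camera sweeping external addresses on telnet; only one target answers
    [("10.20.0.15", f"203.0.113.{i}", 23, i == 4) for i in range(1, 8)]
    + [("10.20.0.15", "198.51.100.9", 2323, False)]
    # admin host with a single completed telnet session to one external device
    + [("10.20.0.5", "198.51.100.20", 23, True)]
    # set-top box making many HTTPS connections (not telnet, ignored)
    + [("10.20.0.30", f"203.0.113.{i}", 443, True) for i in range(1, 20)]
    # telnet between two devices inside the segment (not outbound, ignored)
    + [("10.20.0.40", "10.20.0.41", 23, True)]
)

def telnet_scanners(flows, segment=IOT_SEGMENT):
    """Return {src: (distinct_targets, unanswered_ratio)} for likely scanners."""
    targets, attempts, unanswered = defaultdict(set), defaultdict(int), defaultdict(int)
    for src, dst, port, answered in flows:
        if port not in TELNET_PORTS:
            continue
        if ip_address(src) not in segment or ip_address(dst) in segment:
            continue  # keep only flows leaving the IoT segment
        targets[src].add(dst)
        attempts[src] += 1
        unanswered[src] += not answered
    report = {}
    for src, dsts in targets.items():
        ratio = unanswered[src] / attempts[src]
        # many distinct targets plus mostly unanswered attempts suggests scanning
        if len(dsts) >= MIN_TARGETS and ratio >= MIN_UNANSWERED:
            report[src] = (len(dsts), ratio)
    return report

if __name__ == "__main__":
    for host, (n, ratio) in telnet_scanners(FLOWS).items():
        print(f"{host}: {n} external telnet targets, {ratio:.0%} unanswered")
```

A host flagged this way is a candidate for isolation and a credential reset; the thresholds need tuning against normal traffic on the network in question.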
Adam Meyers, vice president of corporate intelligence at CrowdStrike, said that if organizations have not yet done so, they need to invest in DDoS protection and make sure they know what to do in the event of an attack. He said tabletop exercises are a good way to ensure that all stakeholders are consistent in the event of an attack.
Meyers said: “As IoT devices age, IoT botnets will become more and more difficult to protect. As long as these devices continue to operate, most of these devices will continue to be deployed and patching will not be commonplace. In addition, new vulnerabilities on some platforms will continue to be identified.”
In addition to DDoS attacks, organizations should also be aware of the fact that IoT botnets can be used for other purposes, such as creating a non-home agent network for criminal enterprises, distributing spam and hosting web content for phishing.