Researchers have discovered that malware targeting IoT devices has done more than simply launch DDoS attacks: it also carried code that used IoT devices to mine for bitcoins.
Researchers at IBM X-Force discovered this functionality in the malware known as Mirai. The discovery was made late last month, after the bitcoin attacks started on March 20. The attacks peaked on March 25, and the activity subsided three days later.
The code had the same functionality as the one found in the Windows version, but this one was built to attack Linux devices. It bundles several Unix tools into one .exe file that was designed for digital video recording.
Another tool found in Mirai uses brute-force attacks and has targeted Telnet, which was used by BusyBox, and the DVR servers. The researchers think that this is how the DVR servers were attacked.
Although bots can use several protocols to perform flooding attacks, this new attack was also equipped with a bitcoin miner. Researchers have questioned the effectiveness of this method, since many IoT devices aren’t capable of mining cryptocurrencies.
Still, Mirai’s power to infect and control thousands of different devices at once might mean that enough devices capable of mining were affected.
There’s also the possibility that the bots automatically start a mining operation while they wait for further instructions.
Dave McMillen, a senior threat researcher at IBM, has stated that “Almost four years ago, Krebs on Security discussed bitcoin mining bots; in that case, the compromised hosts were PCs. Mining bitcoins, however, is a CPU-intensive activity. How many compromised devices would it take to make the mining of bitcoin a viable revenue source for attackers? Wouldn’t attackers have better luck compromising a bitcoin exchange company, as has been the case numerous times in the past? It’s possible they’re looking to find a way to make bitcoin mining via compromised IoT devices a lucrative venture.”
It’s believed that tracking bitcoin transactions and looking for unusual patterns would be the best way to recognize when an attack like this is happening, at least for big corporations. For smaller corporations, the biggest indicator would be unnaturally slow computers. Mining for bitcoins takes its toll, and CPUs are bound to start acting weird.
With this in mind, it would be almost impossible to detect the mining attack if all CPU resources were used. IoT equipment doesn’t even have the means to monitor such things, nor does it possess anti-virus, a firewall, anti-malware or any other way of protecting itself.
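Because the devices lack monitoring of their own, a check for the CPU symptom described above has to run elsewhere. The following is an added example, not code from IBM's report or from this article: it flags sustained CPU saturation by comparing successive readings of the aggregate `cpu` line of `/proc/stat` collected from a Linux-based device. The sample readings, the 90% threshold and the three-interval minimum are constructed assumptions.

```python
# Constructed sample: aggregate "cpu" lines from /proc/stat, read at a fixed interval.
SAMPLES = [
    "cpu 100 0 50 850 0 0 0 0",
    "cpu 250 0 100 1650 0 0 0 0",
    "cpu 1150 0 150 1700 0 0 0 0",
    "cpu 2100 0 180 1720 0 0 0 0",
    "cpu 3050 0 200 1750 0 0 0 0",
    "cpu 4020 0 220 1760 0 0 0 0",
    "cpu 4100 0 240 2660 0 0 0 0",
]


def parse_cpu_line(line):
    """Return (busy, total) jiffies from the aggregate 'cpu' line of /proc/stat."""
    fields = line.split()
    if len(fields) < 6 or fields[0] != "cpu":
        raise ValueError("not an aggregate cpu line: %r" % line)
    # Counter order: user nice system idle iowait irq softirq steal
    values = [int(v) for v in fields[1:9]]
    total = sum(values)
    return total - values[3] - values[4], total  # idle and iowait are not busy time


def utilisation(samples):
    """Busy fraction per interval; a counter reset (reboot) is reported as 0.0."""
    parsed = [parse_cpu_line(s) for s in samples]
    out = []
    for (b0, t0), (b1, t1) in zip(parsed, parsed[1:]):
        dt = t1 - t0
        out.append((b1 - b0) / dt if dt > 0 else 0.0)
    return out


def sustained_runs(util, threshold=0.90, min_intervals=3):
    """Return (first, last) interval indexes of runs at or above the threshold."""
    runs, start = [], None
    for i, u in enumerate(list(util) + [float("-inf")]):  # sentinel closes a trailing run
        if u >= threshold and start is None:
            start = i
        elif u < threshold and start is not None:
            if i - start >= min_intervals:
                runs.append((start, i - 1))
            start = None
    return runs


if __name__ == "__main__":
    print(sustained_runs(utilisation(SAMPLES)))
```

A short burst of load does not trigger the check; only a run of consecutive saturated intervals does, which is the pattern a continuously running miner would produce.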
Andrew Tierney, a security consultant at Pen Test Partners, said that five rules must be followed in order to prevent such incidents: “Don’t expose IoT devices to the Internet; segment IoT from the rest of the network; change default passwords; update firmware; and get IoT equipment penetration tested to minimise exposure.”
For the most part, it’s up to users to take these steps and protect their devices.