Like something out of the Walking Dead, a plague is ripping through the Internet and turning IoT devices into zombies. The horde amassed by the Hajime malware has grown to over 300,000 Internet of Things devices.
While your smart fridge won’t come to life and try to eat your brains, the term “zombie” in this case refers to a device that has been compromised into becoming part of a botnet.
The coming of the IoT botnets
Botnets are swarms of compromised, Internet-connected devices that keep working exactly as their owners expect, but also carry out commands sent by the botnet's controller. Because most IoT devices have no screen, no logs a user would ever look at and no security software, it is exceedingly difficult, if not impossible, for the average user to tell that a device has been compromised.
Most often, those commands direct the devices to take part in a distributed denial of service (DDoS) attack on a specific target. Each device floods the target server with requests over the Internet; thousands of devices doing so at once overwhelms the server and can knock the service offline for a time.
You typically hear about DDoS attacks after a major website that is almost always up and available goes down momentarily. One of the largest attacks in recent memory happened in October 2016 and resulted in dozens of the Internet's most popular websites and services being temporarily unavailable.
That particular attack was carried out using IoT devices compromised by the Mirai malware. The Internet of Things is a particularly appealing target for malware authors because weak default security settings and infrequent software updates make these devices far easier to compromise than traditional desktop and mobile computers.
Botnets are also used to gather data through keylogging and traffic sniffing, and spammers use them to send out mass amounts of email (spam). Botnet devices have even been linked to identity theft: they send phishing emails that trick unsuspecting users into handing over private information by posing as a reputable source.
What is Hajime malware?
Hajime means "beginning" in Japanese. It is an IoT worm that builds a peer-to-peer (P2P) botnet: infected devices coordinate with one another rather than reporting to a single command-and-control server, which makes the botnet much harder to take down. It spreads by exploiting several common security gaps in IoT devices such as smart thermostats and dishwashers.
Hajime brute-forces its way onto devices by exploiting weak password security: it tries a list of common and factory-default credentials against the device's remote login (telnet, in the reported infections). A lot of IoT devices are left with their default passwords because users prefer convenience over security. One way to counter this type of attack is to change the device password to something complex and hard to guess: avoid dictionary words, add numbers and special characters, and don't reuse the same password in multiple places.
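From the defender's side, a credential brute-force like the one described above leaves a very recognisable trace: a burst of failed logins from one source, cycling through default usernames, often followed by a single success. The following Python is an added example written for this article, not code from Hajime or from any vendor; it runs over a handful of constructed telnet log lines (the line format, the hostnames and the addresses are invented for illustration) and flags any source that racks up a threshold of failures inside a short window, noting whether a successful login followed the burst.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines for this example. The format is hypothetical;
# adapt LINE_RE to whatever your device or syslog collector actually emits.
SAMPLE_LOG = """\
2017-04-21T10:00:01 telnetd: login failed user=root from=198.51.100.7
2017-04-21T10:00:02 telnetd: login failed user=admin from=198.51.100.7
2017-04-21T10:00:02 telnetd: login failed user=root from=198.51.100.7
2017-04-21T10:00:03 telnetd: login failed user=support from=198.51.100.7
2017-04-21T10:00:04 telnetd: login failed user=root from=198.51.100.7
2017-04-21T10:00:05 telnetd: login ok user=root from=198.51.100.7
2017-04-21T10:05:00 telnetd: login failed user=alice from=192.0.2.10
2017-04-21T11:00:00 telnetd: login ok user=alice from=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd: login (?P<result>ok|failed) "
    r"user=(?P<user>\S+) from=(?P<src>\S+)$"
)

# Usernames that ship as factory defaults on many IoT devices and that
# credential-stuffing worms try first. Illustrative list, extend as needed.
DEFAULT_USERS = {"root", "admin", "support", "user", "guest"}


def parse(log_text):
    """Turn raw log text into a list of login events; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m.group("ts")),
            "ok": m.group("result") == "ok",
            "user": m.group("user"),
            "src": m.group("src"),
        })
    return events


def detect_bruteforce(events, threshold=4, window=timedelta(seconds=60)):
    """Return {source_ip: finding} for every source with at least `threshold`
    failed logins inside `window`. A finding records which usernames were
    tried, which of them are well-known defaults, and whether a successful
    login from the same source followed the burst (likely compromise)."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        failures = [e for e in evs if not e["ok"]]
        # Sliding window over the failures: for each start index, extend while
        # the events stay inside `window`, and report the first burst that
        # reaches the threshold.
        for i in range(len(failures)):
            j = i
            while j < len(failures) and failures[j]["ts"] - failures[i]["ts"] <= window:
                j += 1
            if j - i >= threshold:
                burst_end = failures[j - 1]["ts"]
                success_after = [e for e in evs if e["ok"] and e["ts"] >= burst_end]
                tried = {e["user"] for e in failures[i:j]}
                findings[src] = {
                    "failed": j - i,
                    "users": sorted(tried),
                    "default_users": sorted(tried & DEFAULT_USERS),
                    "success_after_burst": bool(success_after),
                    "compromised_user": success_after[0]["user"] if success_after else None,
                }
                break
    return findings


if __name__ == "__main__":
    for src, finding in detect_bruteforce(parse(SAMPLE_LOG)).items():
        print(src, finding)
```

On the constructed sample, 198.51.100.7 is flagged with five failures in four seconds against root, admin and support, all default accounts, followed by a successful root login; 192.0.2.10, with a single typo and a later success, is not. Tune `threshold` and `window` to the device population you monitor, and treat a burst followed by a success as an incident rather than a curiosity.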
It also exploits the Arris cable modem "Password of the Day", a maintenance backdoor that has been publicly known since 2009: the modem accepts a daily password derived from the current date and a seed value, and because many units are left with the default seed, anyone who knows the algorithm can compute the day's password. That gives malware like Hajime a ready-made way in with no guessing at all.
What we don't know about Hajime right now is its purpose. There are no reports of any attacks carried out by the Hajime botnet, but that does not mean nothing is happening.
Reports indicate that most of the infected devices are in Brazil, Iran, Vietnam, Taiwan, Turkey, India, Korea and China. Interestingly, Hajime contains only a propagation module and no attack code: it has been built to grow, but so far it does nothing with its size.
On a more positive note, Hajime is reported to go only after devices with weak security. By taking some basic steps such as changing the default password and hardening your network, you may well keep your smart toaster from joining this new swarm of electronic zombies.