According to security researches, malware called Kaiji has been found to abuse a series of IoT devices and about to launch DDoS attacks. This malware attack is quite different than the other attacks, as suggested by the researchers of Intezer labs.
Kaiji is encrypted in the Go programming language instead of C or C++ which are mostly used by other IoT malware. The Senior Security Engineer of Synopsys, Boris Cipot says that Kaiji the malware spread rapidly after been exposed to SSH ports on IoT devices along with the Linux Servers of the internet. After that, it tries to gain root access to all the devices with Brute Force.
Spot further added; once Kaiji got the root access, it will automatically start spreading to other devices. Not only that, but it will also collect the SSH keys of other connected devices managed by the root user to infect they following the same way. Kaiji is then engineered to perform Distributed Denial of Service or DDoS attacks on various devices targeted by the user.
Kaiji is not only a highly developed malware, but it has been designed to evolve by itself. So, no one knows what this malware could do next. IoT manufacturers with a lack of security knowledge must be aware of this kind of malware. There are so many devices available in the market have misconfigured or poor security setting exposed to various communication ports without knowing the threat coming. Many of them are hardcoded or have preset usernames and passwords; they can easily be hacked from the backend.
All those instances have put the Internet of Things (IoT) at risk. Users trust the manufacturers the most, but if manufacturers are not able to resolve the issue, so it is difficult for them to ensure device security. Most of the users think their devices are protecting their privacy which supposed to do so. However, users sometimes struggle to understand the threat to their devices which is why they allow random applications to access its microphone, camera, and other internal settings. Needless to say, devices that have allowed various applications to access their security settings are prone to cyber-attack.
The Chief Cyber Security Strategist at Tenable, Adam Palmer says hackers prefer cheap computational power to harness and launch DDoS attacks. But if the security is tightened by the device manufacturer’s end, the criminals can be identified. He further added, where suitable updates should be sent to push the patch flow in order to prevent the stubborn army of malware.
Previously so many IoT attacks have been identified, most of the users do not monitor their devices regularly, and hackers take its advantage to auto-install and auto-run some of the applications which are nothing but a threat.
Kaiji is not less than a lesson to IoT manufacturers who though their devices are secure. They need to upgrade their backend and user security systems to provide a better and safer service.
Tanaya is a Senior Content Developer at IoT Avenue who helped to build the content of the site along with several other sites with her compassionate SEO driven content. She is also a HubSpot, certified Content Marketer. She brings her five years of experience to her current role, where she is dedicated to developing the content of different websites.
Nov 21, 2019 | Press Releases
Dec 05, 2019 | IoT Applications & Examples
Dec 17, 2019 | IoT Applications & Examples
Dec 23, 2019 | IoT Technology News
Jan 02, 2020 | IoT Devices & Sensors, IoT Applications & Examples