Mozi Botnet Accounts for Majority of IoT Traffic
2020-09-17 21:00

The Mozi botnet, a peer-to-peer malware previously known for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of observed traffic flowing to and from all internet of things (IoT) devices, according to researchers.

IBM X-Force noticed Mozi's spike within its telemetry, amid a huge increase in overall IoT botnet activity.

"Attackers have been leveraging these devices for some time now, most notably via the Mirai botnet," according to IBM. "Mozi continues to be successful largely through the use of command-injection attacks, which often result from the misconfiguration of IoT devices. The continued growth of IoT usage and poor configuration protocols are the likely culprits behind this jump. This increase may have been fueled further by corporate networks being accessed remotely more often due to COVID-19."

"The Mozi botnet uses a customized DHT protocol to develop its P2P network," according to IBM. In order for a new Mozi node to join the DHT network, the malware generates an ID for the newly infected device.

"As newer botnet groups, such as Mozi, ramp up operations and overall IoT activity surges, organizations using IoT devices need to be cognizant of the evolving threat," the firm concluded.


News URL

https://threatpost.com/mozi-botnet-majority-iot-traffic/159337/