Mozi Botnet Accounted for Majority of IoT Traffic: IBM
Mozi shows code overlaps with Mirai and its variants and reuses Gafgyt code, IBM researchers say. It has been highly active over the past year and accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, although it did not attempt to remove competitors from compromised systems.
The large increase in IoT attacks might also be the result of a higher number of IoT devices being available worldwide, thus expanding the attack surface.
At the moment, IBM notes, there are around 31 billion IoT devices worldwide, with approximately 127 devices being deployed each second.
"The Mozi botnet is a peer-to-peer botnet based on the distributed sloppy hash table protocol, which can spread via IoT device exploits and weak telnet passwords," IBM says.
"As newer botnet groups, such as Mozi, ramp up operations and overall IoT activity surges, organizations using IoT devices need to be cognizant of the evolving threat. IBM is increasingly seeing enterprise IoT devices under fire from attackers. Command injection remains the primary infection vector of choice for threat actors, reiterating how important it is to change default device settings and use effective penetration testing to find and fix gaps in the armor," IBM concludes.