http://www.bbc.com/news/technology-37738823
It gets worse:
And worse:
http://news.softpedia.com/news/sourc...r-508864.shtml
Because Linux is free, a LOT of device makers use Linux in their firmware. Because Linux is burned into the firmware, the name and password cannot be changed from the factory default, AND neither can security updates be applied unless the new firmware code is burned onto the EPROMs, if the devices have EPROMs and not PROMs.
And, the culprits are not who you might think they are:
While 80% of the Internet is running on Linux servers, the infected agents were not other Linux Internet servers, but IoT devices: CCTV, home security and environmental control devices, refrigerators and maybe even toasters. I suspect that this DDoS attack revealed a serious hole in America's and the world's Internet security, a hole which could have been used at the beginning of hostile actions by malevolent psychotic international forces. Can you sense rapid legal action to restrict or cut off access of IoT devices to the web? All those neat little iPhone and Android apps that control BX-10 devices that control lights, air conditioning, entertainment devices, door locks and garage doors might stop working if they do not have mandated changes in the ability to change the login names and passwords.
Hackers used internet-connected home devices, such as CCTV cameras and printers, to attack popular websites on Friday, security analysts say.
Twitter, Spotify, and Reddit were among the sites taken offline on Friday.
Each uses a company called Dyn, which was the target of the attack, to direct users to its website.
Security analysts now believe the attack used the "internet of things" - web-connected home devices - to launch the assault.
...
The "global event" involved "tens of millions" of internet addresses.
Security firm Flashpoint said it had confirmed that the attack used "botnets" infected with the "Mirai" malware.
Many of the devices involved come from Chinese manufacturers, with easy-to-guess usernames and passwords that cannot be changed by the user - a vulnerability which the malware exploits.
"Mirai scours the Web for IoT (Internet of Things) devices protected by little more than factory-default usernames and passwords," explained cybersecurity expert Brian Krebs, "and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users."
The owner of the device would generally have no way of knowing that it had been compromised to use in an attack, he wrote.
http://news.softpedia.com/news/sourc...r-508864.shtml
Mirai is a DDoS trojan that targets Linux systems, and more precisely architectures deployed with IoT devices.
The trojan appeared at the start of September 2016, and according to a security researcher named MalwareMustDie!, Mirai is an improved version of another DDoS trojan known under different names such as Bashlite, GayFgt, LizKebab, Torlus, Bash0day, and Bashdoor.
Mirai’s author, a coder that goes by the name of Anna-senpai, has released on Saturday the trojan’s source code on the notorious Hack Forums portal.
According to the crook, he took the decision to release Mirai’s source because of the recent DDoS attacks against the website of Brian Krebs, an infosec journalist.
At the start of the month, Krebs exposed a DDoS-for-Hire service, which concluded with the arrest of the two Israelis suspected of running the service. Soon after, DDoS attacks started hitting Krebs’ website, first small, and then larger and larger.