If you thought the IoT botnet Mirai was bad, Westcon-Comstor warns of Hajime, which currently has 300,000 obeying devices.
Hajime is, according to Westcon-Comstor vendor partner Kaspersky “a mysterious evolving Internet of Things (IoT) malware that builds a huge peer-to-peer botnet”. Notably the botnet has of late been propagating extensively and infecting multiple devices worldwide, reports reveal that there are almost 300,000 malware-compromised devices.
“If the Mirai attack is still fresh in your minds, the fact that there are 300,000 malware-compromised devices, all ready to work as one to act under the instructions of their master without our knowledge, is a terrifying thought,” states Andrew Potgieter, Director Security Solutions at Westcon-Comstor Southern Africa. “While Hajime’s purpose is still unknown, it surely can’t be for the good of the world if it has been slowly growing in scale since it was first detected in October 2016.”
Not dissimilar to Mirai, Hajime is once again building a huge peer-to-peer botnet – a decentralised group of compromised machines discreetly performing spam or DDoS attacks. While Kaspersky Labs cites that there is no actual attacking code or capability they can see in Hajime and it is still only has a propagation module, the family of tools are different. Particularly in that they make use of different techniques – mainly brute-force attacks on device passwords – to infect devices, and then takes a number of steps to conceal itself from the compromised victim.
“The devices currently targeted by Hajime to date are reportedly Digital Video Recorders, followed by web-cameras and routers. But that said this particular threat doesn’t attack a specific device and will snoop out any device connected to the Internet. The name Hajime, means ‘beginning’ in Japanese, it is important we are forewarned so that this is not the beginning of another large scale cyber-attack that takes the world’s Internet down for a day,” adds Potgieter.
According to Kaspersky Lab researchers the infections they have noted to date have primarily come from Vietnam (over 20%), Taiwan (almost 13%) and Brazil (around 9%) at the time of their research and most of the compromised devices are located in Iran, Vietnam and Brazil.
“In order to get ahead of Hajime the basic principles apply and we urge all customers to change the passwords on all IoT and Internet-enabled devices. More importantly as Hajime uses brute force, passwords need to be clever and difficult to crack. Additionally, users must update their firmware on devices, if this is an option. Such simple tactics can stop an attack in its tracks.
“While we sit in wait to see what the purpose of Hajime is, it is better to be forewarned and forearmed,” ends Potgieter.
By Andrew Potgieter, Director Security Solutions at Westcon-Comstor Southern Africa