Black Lotus Labs, the threat research and operations arm of CenturyLink, has identified a malware family that uses a botnet to launch distributed denial-of-service (DDoS) attacks and other malicious activities against Internet of Things (IoT) devices.
The malware family, dubbed "Mozi," consists of code from the Gafgyt, Mirai and IoT Reaper malware families, Black Lotus Labs noted. It targets IoT devices that are either unpatched or have weak telnet passwords and can form a peer-to-peer (P2P) botnet capable of DDoS attacks, data exfiltration and command or payload execution.
Mozi grew from 323 unique nodes on Dec. 27, 2019 to 2,191 nodes on Feb. 4, 2020, Black Lotus Labs indicated. Furthermore, Black Lotus Labs has observed over 15,858 unique Mozi nodes over the last four months.
How to Mitigate a Mozi Attack
Black Lotus Labs offers the following recommendations to secure IoT devices against the Mozi botnet:
- Implement effective passwords.
- Restrict IoT device access.
- Patch IoT devices regularly.
In addition, Black Lotus Labs is monitoring the Mozi botnet and trying to determine the exact number of P2P nodes associated with it. Black Lotus Labs also is exploring ways to disrupt and slow the botnet's growth.
MSSPs Launch IoT Security Solutions
Meanwhile, cybersecurity firms are taking new steps to safeguard IoT systems. For instance:
- Deloitte in April 2020 added Nozomi Networks IoT security solutions to its Cyber Risk services portfolio. In doing so, Deloitte now provides Nozomi Networks' IoT security solutions via its Cyber Intelligence Centers in EMEA.
- IBM also in March 2020 released X-Force Threat Management (XFTM) services for IoT environments. This ensures that security teams can use XFTM services to identify, track and manage IoT threats, gain insights into IoT devices and secure them accordingly.
