Default and hard-coded credentials have led to the compromise of thousands of Internet-of-Things devices Credit: Michelle Maher/IDGNS LizardStresser, the DDoS malware for Linux systems written by the infamous Lizard Squad attacker group, was used over the past year to create over 100 botnets, some built almost exclusively from compromised Internet-of-Things devices. LizardStresser has two components: A client that runs on hacked Linux-based machines and a server used by attackers to control the clients. It can launch several types of distributed denial-of-service (DDoS) attacks, execute shell commands and propagate to other systems over the telnet protocol by trying default or hard-coded credentials. The code for LizardStresser was published online in early 2015, giving less-skilled attackers an easy way to build new DDoS botnets of their own. The number of unique LizardStresser command-and-control servers has steadily increased since then, especially this year, reaching over 100 by June, according to researchers from DDoS mitigation provider Arbor Networks. The DDoS bot is very versatile, with versions for the x86 CPU architecture as well as ARM and MIPS, which are commonly used on embedded device. IoT devices are perfect for DDoS bots, because they run some familiar variant of Linux, have limited resources so they don’t have malware detection or advanced security features and, when they’re connected directly to the Internet, they’re typically not subjected to bandwidth limitations or firewall filtering. The reuse of software and hardware components is very common in the IoT world as it simplifies and lowers the cost of development. Because of this, default credentials that were used to initially manage one device may later make their way into entirely different classes of devices, the Arbor Networks researchers said in a blog post. IoT botnets can be very powerful. Arbor Networks investigated two of them that were used to launch attacks against banks, telecommunications companies and government organizations from Brazil, as well as three gaming companies from the U.S. One of the attacks peaked at over 400Gbps and 90 percent of the hosts from which the malicious traffic originated responded over HTTP with a Web-based interface called NETSurveillance WEB. “Doing some more research, the NETSurveillance WEB interface appears to be generic code used by a variety of Internet-accessible webcams,” the Arbor Networks researchers said. “A default password for the root user is available online, and telnet is enabled by default.” This is not the first time that IoT botnets have been used to launch DDoS attacks. Researchers from Web security firm Sucuri just recently reported DDoS attacks launched from a botnet of over 25,000 CCTV cameras and digital video recorders. Related content how-to Download our Zero Trust network access (ZTNA) enterprise buyer’s guide From the editors of Network World, this enterprise buyer’s guide helps network and security IT staff understand what ZTNA can do for their organizations and how to choose the right solution. By Josh Fruhlinger and Steve Zurier May 06, 2024 1 min Network Security Enterprise Buyer’s Guides news Network jobs watch: Hiring, skills and certification trends What IT leaders need to know about expanding responsibilities, new titles and hot skills for network professionals and I&O teams. By Denise Dubie May 06, 2024 6 mins Careers Data Center Networking feature IBM’s bets on AI and hybrid cloud pay off Three key differentiators of IBM’s AI and cloud offerings are cross-platform automation, integration with multiple clouds, and tie-ins to IBM professional services. By Jeff Vance May 06, 2024 9 mins Hybrid Cloud Network Management Software Cloud Computing analysis What is a virtual machine, and why are they so useful? Many of today’s IT innovations have their roots in virtual machines (VM) and their ability to separate software from hardware. By Keith Shaw May 03, 2024 9 mins Virtualization Data Center Networking PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe