Kaspersky Lab recently published its research into Hajime and its unknown end goal. So far, this malware has focused its attention on DVRs, webcams, and routers, but it is capable of attacking any device on the internet. Using a brute-force attack on device passwords, Hajime infects the device, and then conceals itself from the victim. Compromised devices can then be used by Hajime’s creator without the victim’s knowledge.
The majority of these compromised devices are located in Iran, Vietnam, and Brazil. Kaspersky Lab suggests that IoT owners change their passwords to something more difficult to guess through brute force. Additionally, owners should update their firmware if needed.
The first signs of Hajime appeared in October 2016, and it has since developed new ways of spreading. Instead of containing attack code, this malware only contains a propagation module. When Hajime takes over a device, it adds that device to an existing peer-to-peer botnet. This network of compromised devices is then used for spam or DDoS attacks.
There are a few networks that Hajime has avoided. These include General Electric, Hewlett-Packard, the U.S. Postal Service, the United States Department of Defense, and a few private networks.
“The most intriguing thing about Hajime is its purpose,” said Konstantin Zykov, senior security researcher at Kaspersky Lab. “While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity.”
Full details about this research are available on the firm’s SecureList blog.