In this report we will take a look at HNS evolution and how it was able to add exploits on a regular basis over the past several months without making headlines.
In September 2016, the Mirai source code was leaked on Hack Forums. Ever since, there has been an explosion of malware targeting IoT devices, each bearing the name of a protagonist found in Japanese anime. FortiGuard Labs has been tracking these IoT botnets in order to provide the best possible protection for our customers.
As we continue to keep track of the latest IoT botnets, the FortiGuard Labs team has seen an increasing number of Mirai variants, thanks to the source code being made public two years ago. Since then, threat actors have been adding their own flavours to the original recipe.
We recently received a malware sample recently that had been packed and compiled on Tue Feb 06 2018. After unpacking it, we found that it contained a version of the Dreambot/Ursnif trojan, which had a compilation date of Tue Oct 10 2017, suggesting that existing versions of Dreambot are now being packaged with brand-new droppers.
In preparation for our talk entitled “IoT: Battle of Bots” at the RootedCon Security conference that will be held in Madrid, Spain this March 2018, the FortiGuard Labs team encountered yet another new Mirai variant.
As further details become available for the massive distributed denial of service attack against Dyn on Oct 21 2016, here are some things FortiDDoS customers can do to protect themselves from a potential Internet of Things (IoT) botnet-based DDoS attack like Mirai. Mirai spreads by compromising vulnerable IoT devices such as DVRs. Many IoT manufacturers failed to secure these devices properly, and they don't include the memory and processing necessary to be updated. They are also usually not in control of the destination of their outbound...