Mirai, The Infamous Internet of Things Army, Can Now Mine Bitcoin – CoinDesk

Remember that Internet of Things botnet? The one known for temporarily shutting down a number of the world's largest websites last autumn?

Well, a newer version has been detected, but as well as being able to issue DDoS attacks and the like, it's equipped to mine bitcoin.

In the digital age, it's possible for hackers to infect and take control of insecure Internet of Things (IoT) devices, say, toasters, cameras or other web-connected devices. They can then bundle them together into a botnet, using their combined capacity to shoot spam at websites or internet structures, slowing them down or sending them offline.

That's what happened in a series of attacks in the fall, using the malware dubbed Mirai.

The software was open-sourced soon after, much to the dismay of security engineers, and since then, different strains iterating on the first version of the botnet have cropped up with added abilities.

One strain, known as ELF Linux/Mirai, has now been detected mining bitcoin for a few days, according to research from IBM X-Force, the Big Blue's cybersecurity research wing. It seems some unknown hacker (or hackers) is experimenting with using the power accumulated from IoT devices to mine the digital currency and possibly make some cash.

This could be an omen for future IoT botnet use cases, argued Dave McMillen, IBM Managed Security Services senior threat researcher and author of the report.

McMillen told CoinDesk:

"This ELF/Mirai variant could be appealing to others in the future due to the potentially large volume of devices that could be involved."

The researcher noted, however, that the botnet didn't appear to successfully mine any bitcoin. The security team sees it more like a peek at a down-the-road possibility.

So, what happened, and how did IBM spot the mining component of the botnet?

McMillen explained, saying:

"We detected a spike in command injection activity in our IBM X-Force monitored client environment data that prompted deeper investigation."

The security team saw traffic related to an ELF 64-bit binary file, which the report describes as beginning as a "blip", which grew in volume by 50%, but had fizzled out by day eight.

The team "dissected" the binary to discover that the Linux version of the malware is similar to the more typical Windows version.

"It was detected as a slave miner by multiple tools, however we are still investigating other properties of the variant," McMillen added.

While there are now many variants of the botnet, ELF Linux/Mirai has extra abilities in that it can execute 'SQL injection' (a notorious way to take control of databases) and execute so-called 'brute force' attacks.

But the Linux version has an extra add-on: the bitcoin miner component (which you can see online here).

IBM speculates in the report that the botnet creators may be looking for a way to make bitcoin mining with compromised IoT devices a lucrative venture.

"Realizing the power of Mirai to infect thousands of machines at a time, there is a possibility that the bitcoin miners could work together in tandem as one large miner consortium. We haven't yet determined that capability, but found it to be an interesting yet concerning possibility," a blog post explains, adding:

"One scenario could be that while the Mirai bots are idle and awaiting further instructions, they could be leveraged to go into mining mode."

Although this idea is admittedly speculative, the report points to the fact that bitcoin has been used for other cybercrimes, such as with ransomware, which encrypts all of a user's computer data with a demand for payment, because it's decentralized and is perceived as a more privacy-enhancing currency.

The tech can have more beneficial use cases, though. For example, one company recently revealed aims to build a bitcoin botnet to help secure IoT devices. But combining the cryptocurrency with the technology also has the potential for less beneficial online activities.

So, how can users protect their internet-connected toasters from being enlisted as a bitcoin mining slave?

The Mirai malware exploits a surprisingly simple attack vector.

The problem is that many IoT devices come with pre-installed passwords. And, since many users never change them, all an attacker needs to do is find the default password to 'hack' into the devices.

McMillen's advice is for users to change those passwords. He said, though, that he hopes IoT companies are beginning to tackle the problem, too.

He concluded:

"Manufacturers could be looking for ways to manage these credentials more securely, perhaps by prompting a forced change or randomizing the default logins."
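
The two measures McMillen mentions, randomized default logins and a forced change, can be sketched as follows. This is an added example, not code from the article or from IBM's report; the `DeviceAccount` class, its method names, the 12-character minimum and the PBKDF2 iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import secrets


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the device never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class DeviceAccount:
    """Hypothetical admin account on a single IoT device."""

    def __init__(self) -> None:
        self.salt = secrets.token_bytes(16)
        self.pw_hash = None
        self.must_change = True

    def provision(self) -> str:
        """Factory step: a unique random password per unit (e.g. printed on
        its label), so no single default works across the whole product line."""
        factory_pw = secrets.token_urlsafe(12)
        self.pw_hash = _hash(factory_pw, self.salt)
        self.must_change = True
        return factory_pw

    def login(self, password: str) -> str:
        """Return 'denied', 'change_required' or 'ok'."""
        if self.pw_hash is None:
            return "denied"
        if not hmac.compare_digest(self.pw_hash, _hash(password, self.salt)):
            return "denied"
        # The factory password only unlocks the password-change step.
        return "change_required" if self.must_change else "ok"

    def change_password(self, old: str, new: str) -> bool:
        """Forced change: refuse short passwords and reuse of the old one."""
        if self.login(old) == "denied":
            return False
        if len(new) < 12 or new == old:
            return False
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(new, self.salt)
        self.must_change = False
        return True
```
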


Read more from the original source:
Mirai, The Infamous Internet of Things Army, Can Now Mine Bitcoin - CoinDesk
