The 5 biggest malware threats against your devices

By Per Christian Foss, Sales Manager IoT on Jan 4, 2018 10:00:00 AM |


Your devices may already be captured by a botnet without your knowledge. That could have major consequences for both you and the internet in general.

If there is an opening, these are ready to attack. Read more about AddSecure's secure solution here.

Botnets are often used to turn large quantities of captured "zombie" devices against websites and services through DDoS attacks. This makes the devices run slower, and the internet is made vulnerable.



BASHLITE first turned up in 2014, and is known by a variety of different names: Gafgyt, Lizkebab, Qbot, Torlus and LizardStresser. Originally it was known as Bashdoor, but that's now the name of the specific exploit it used when the malware first appeared on the scene.

BASHLITE works through brute force, which means it automatically tries gaining access to badly secured devices by testing common username/password combinations. The source code is easily available online for interested hackers, and in 2016 over a million units were infected. These are almost exclusively IoT devices (96%) – and especially surveillance cameras running Linux are vulnerable.

As with most malware that builds botnets, BASHLITE's purpose is to perform DDoS attacks, with a strength of up to 400 Gbps.


2. Mirai

Mirai is commonly known as the worst of the botnets – a dubious honor it achieved through the Dyn attacks in 2016. By attacking the Dyn servers – responsible for many of the biggest websites and services such as Facebook, Spotify, Netflix and Amazon – Mirai managed to crash large parts of the internet through the course of a full day. BASHLITE was also involved, but Mirai is normally classed as the bigger threat, having been measured to as much as 1 Tbps.

Just like BASHLITE, Mirai spreads through brute forcing, and in addition blocks other software from taking over. While a restart will remove Mirai from the device, it will recapture it in a matter of minutes unless further action is taken. The source code is freely available online, which has led to a multitude of Mirai botnets of differing sizes.


3. Persirai

When Mirai became open to the public, Persirai showed up in 2017 as its perhaps most dangerous offspring. Here too surveillance cameras are especially vulnerable, and U.S. testing has shown that more than half of IP cameras using custom http servers are infected with botnet malware, with Persirai coming out on top – 64 percent of the infected devices, against Mirai's 28.

Persirai has found certain exploits that lets it skip past the authentication part, and lets intruders with admin rights install other malware once they're in. This is how it spreads so easily from camera to camera.


4. Brickerbot

Brickerbot differs from the other malware by being both essentially "good hearted" and especially malicious. We've seen several versions show up throughout 2017, but what they all have in common is ruining the infected devices permanently (bricking), rather than clandestinely capturing them to attack others.

A certain janit0r has claimed responsibility for Brickerbot, saying it's his way of taking the law into his own hands, as a cyberspace Robin Hood. With infected devices posing such a threat against the internet, he makes sure to ruin the exposed units before Mirai, Persirai, or the others can hijack them. If the devices are hidden behind solid passwords or VPNs, Brickerbot won't be able to gain access, but as they pose no threat, it doesn't want to either.

janit0r claims to have destroyed over a million devices so far, and says: "[I]f somebody launched a car or power tool with a safety feature that failed 9 times out of 10 it would be pulled off the market immediately. I don't see why dangerously designed IoT devices should be treated any differently."


5. Reaper

Lately, the media has been writing a lot about the ominously named Reaper botnet, which is still being investigated. It could be a version of Mirai, or something completely new. So far it hasn't attacked, but is building a large collection of captured devices, estimated to span across a million unique businesses.

In a departure from the other botnets, Reaper doesn't attempt to gain access through brute forcing, but exploits weaknesses in the technology itself, on devices that haven't been patched. It's not complicated software, but the threat level is still huge, as the security of the devices is even less sophisticated.

The most pessimistic experts claim Reaper could threaten the very infrastructure of the Open Web. That's an enormous price to pay for not taking proper precautions.


AddSecure Link_iot_made_easy



IoT security

Per Christian Foss, Sales Manager IoT

By Per Christian Foss, Sales Manager IoT

Per Christian has 7 years experience in the Internet of Things area, within business development, sales and product management. He has worked with a wide range of verticals within IoT, such as connected cars, smart cities, security solutions and self-driven buses.