For some people, there is growing concern as smart devices become more popular in the market and, of course, in our day-to-day life. While smart devices make everyday life more convenient, there is a hidden danger of malware attacking and making use of these devices. One such example is Hajime, an Internet of Things (IoT) malware that is responsible for creating a peer-to-peer botnet. So far, it has infected about 300,000 IoT devices.
Kaspersky Lab recently published a report on the potential threat posed by Hajime. The report also highlights that the level of damage is yet to be evaluated and that the objective behind Hajime remains obscure. Up to this point, the malware has affected DVRs, webcams, and switches, yet it is capable of attacking any IoT device operating on the internet.
How exactly does Hajime infect IoT devices? The malware is designed to use a brute-force attack on devices' passwords. Once a device is infected, Hajime conceals itself from the victim. Infected IoT devices can then be controlled and utilised by Hajime's maker without the consent of the device owners or operators.
“The most intriguing thing about Hajime is its purpose,” said Konstantin Zykov, senior security researcher at Kaspersky Lab. “While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity.”
But there is still some relief for India!
The larger part of these compromised IoT devices is located in Iran, Vietnam, and Brazil. There is no report from India yet. Even so, Kaspersky Lab has issued a warning, suggesting that IoT device owners reset their passwords to something harder to guess through a brute-force attack. Furthermore, owners of IoT devices and solutions should update their firmware if necessary.
The growing impact of Hajime was first noticed in October 2016, and it has since adopted better approaches for spreading. Rather than containing attack code, this malware contains only a propagation module. When it takes control of an IoT device, it adds the device to its existing peer-to-peer botnet. This network of affected devices is then utilised for spam or DDoS attacks.
But the malware has avoided some well-known networks for reasons unknown. There are a few networks that Hajime has steered clear of. These include General Electric, Hewlett-Packard, the U.S. Postal Service, the United States Department of Defense, and a few private networks. The creators of Hajime are probably well aware of the consequences of messing around with some of the large corporations worldwide.