New Botnet-creating Malware Detected
Hot on the heels of the Mirai botnet of 2016 comes news of a new IoT malware, dubbed Hajime.
As reported in Computerworld, Hajime is “like Mirai on steroids” with a more sophisticated method for command and control of compromised IoT devices based on a peer-to-peer network rather than a direct server connection.
Estimates so far put the size of the Hajime botnet at 100,000 devices. These are the same devices that Mirai targeted: poorly secured Internet-enabled cameras, digital video recorders and routers.
There’s no evidence yet that the botnet has been used for a malicious purpose. But it has created a sizeable force that its owner could use to attack websites, phone systems, DNS services and other IP-based targets. “Hajime” means “beginning” or the instruction to “begin” in Japanese. Speculation is rife that the harvest of vulnerable devices heralds the beginning of a new wave of DDoS attacks.
It’s another example of how indiscriminate use of IoT can place your network at risk of becoming a pawn in someone else’s game or of having your own data exfiltrated.
Rogue IP-based devices, as well as other compromised assets, can be detected in a network security audit. It’s a good idea to consider engaging a Network Security Management company to conduct such an audit every 12 months, as your attack surface changes with every new device that connects to your data.