Hot on the heels of the Mirai botnet of 2016 comes news of a new IoT malware, dubbed Hajime.
As reported in Computerworld, Hajime is "like Mirai on steroids" with a more sophisticated method for command and control of compromised IoT devices based on a peer-to-peer network rather than a direct server connection.
Estimates so far put the size of the Hajime botnet at 100,000 devices. These are the same devices as Mirai targeted: poorly-secured Internet-enabled cameras, digital video recorders and routers.
There's no evidence yet that the botnet has been used for a malicious purpose. But it has created a sizeable force that its owner could use to attack websites, phone systems, DNS services and other IP-based targets. "Hajime" means "beginning" or the instruction to "begin" in Japanese. Speculation is rife that the harvest of vulnerable devices heralds the beginning a new wave of DDOS attacks.
It's another example of how indiscriminate use of IoT can place your network at risk of being a pawn in someone else's game or in exfiltrating your own data.
Rogue IP-based devices as well as other compromised assets can be detected in a network security audit. It's a good idea to consider engaging a Network Security Management company to conduct such an audit every 12 months as your attack surface changes with every new device that connects to your data.
