A New Botnet Attack Just Mozied Into Town

A relatively new player in the threat arena, the Mozi botnet, has spiked among Internet of Things (IoT) devices, IBM X-Force has discovered.


This malware has been active since late 2019 and has code overlap with Mirai and its variants. Mozi accounted for nearly 90% of the observed IoT network traffic from October 2019 through June 2020.


This startling takeover was accompanied by a huge increase in overall IoT botnet activity, suggesting Mozi did not remove competitors from the market. Rather, it flooded the market, dwarfing other variants’ activity. Overall, combined IoT attack instances from October 2019, when attacks began to notably increase, through June 2020 were 400% higher than the combined IoT attack instances for the previous two years.


This surge in IoT attacks could be due to a number of causes, but may in part result from an ever-expanding IoT landscape for threat actors to target. There are about 31 billion IoT devices deployed around the globe, and the IoT deployment rate is now 127 devices per second.


Attackers have been leveraging these devices for some time now, most notably via the Mirai botnet. The IBM X-Force Incident Response and Intelligence Services (IRIS) team has been following it for nearly four years. So why the sudden jump? IBM research suggests Mozi continues to be successful largely through the use of command injection (CMDi) attacks, which often result from the misconfiguration of IoT devices. The continued growth of IoT usage and poor configuration protocols are the likely culprits behind this jump. This increase may have been fueled further by corporate networks being accessed remotely more often due to COVID-19.


IoT Devices Are Everywhere


An IoT botnet can be used to perform distributed denial-of-service (DDoS) attacks,