Rakos wants to be the next devastating IoT botnet

Editor at TechForge Media. Often sighted at global tech conferences with a coffee in one hand and laptop in the other. If it's geeky, I'm probably into it.

(Image Credit: iStockPhoto/weerapatkiatdumrong)

You've likely heard of or even been affected by Mirai, the botnet of IoT devices responsible for a record-breaking DDoS attack which disrupted large services including Twitter, Spotify, and PlayStation Network back in October. A new malware named Rakos could be about to steal Mirai's crown, or at least pose another large threat. 

Mirai and Rakos both share an affinity for the IoT and seek out insecure devices to add to their collective for launching devastating DDoS attacks. The difference is that Mirai primarily targets telnet, whereas Rakos targets SSH. Unlike telnet, SSH encrypts its traffic, which is why it is usually the preferred option for remote access; Rakos shows that an encrypted channel does nothing to protect a device whose credentials can be guessed. 

Like many worms, the malware builds its army by brute-forcing SSH logins. Rakos was identified by security researchers at ESET, who have observed multiple cases of IoT devices and Linux servers being infected with the malware since August.  

"It is executed from a temporary directory and disguised as a part of the Java framework, namely '.javaxxx'. Additional names like '.swap' or 'kworker' are also used," members of ESET wrote on the welivesecurity blog. 

Despite having a strong password, some devices were vulnerable due to having an 'online service' functionality enabled which allowed Rakos to factory reset the device and therefore revert the password to its default. 

Rakos is written in the Go language and its binary is compressed with the standard UPX tool. When a device is compromised, Rakos starts a local web server on port 61314 and downloads its binary. Details of the host machine are sent periodically to its C&C server so that the operators can add new features or instruct the bot to perform an operation. 
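A simple host triage check built from the indicators the article gives (the '.javaxxx', '.swap' and 'kworker' names run from a temporary directory, and the local listener on port 61314). This is an added example, not code from ESET or the article; the input lines are constructed, and the column layouts of `ps -eo pid,comm,args` and `ss -ltnp` are assumptions.

```python
import os
import re

TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")   # assumed "temporary directory" locations
SUSPECT_NAMES = {".javaxxx", ".swap", "kworker"}  # names quoted from the ESET write-up
RAKOS_PORT = 61314                                # local web server port named in the article

# Constructed sample lines in the shape of `ps -eo pid,comm,args --no-headers`.
SAMPLE_PS = [
    "612 kworker/0:1 [kworker/0:1]",     # genuine kernel thread: no on-disk executable
    "1337 .javaxxx /tmp/.javaxxx",       # matches the article's indicator
    "2044 sshd /usr/sbin/sshd -D",
    "2101 .swap /var/tmp/.swap --daemon",
]
# Constructed sample lines in the shape of `ss -ltnp` with the header dropped.
SAMPLE_SS = [
    'LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=2044,fd=3))',
    'LISTEN 0 128 127.0.0.1:61314 0.0.0.0:* users:(("javaxxx",pid=1337,fd=5))',
]

def suspicious_processes(ps_lines):
    """Return (pid, exe) for processes using one of the suspect names whose
    executable lives in a temp dir. Real kworker kernel threads have no on-disk
    path, so requiring a temp-dir path keeps them out of the results."""
    hits = []
    for line in ps_lines:
        parts = line.split(None, 2)
        if len(parts) < 3 or not parts[0].isdigit():
            continue
        pid, comm, args = parts
        exe = args.split()[0]
        name = comm.split("/")[0]               # "kworker/0:1" -> "kworker"
        if name in SUSPECT_NAMES or os.path.basename(exe) in SUSPECT_NAMES:
            if exe.startswith(TEMP_DIRS):
                hits.append((int(pid), exe))
    return hits

# State, Recv-Q, Send-Q, Local Address:Port, then the owning pid from the Process column.
LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+\S+:(\d+)\s+.*?pid=(\d+)")

def rakos_listeners(ss_lines):
    """Return pids of processes listening on the port the article names."""
    return [int(m.group(2)) for m in map(LISTEN_RE.match, ss_lines)
            if m and int(m.group(1)) == RAKOS_PORT]

def triage(ps_lines, ss_lines):
    """Combine both indicators: (pid, exe, also_listening_on_61314)."""
    listeners = set(rakos_listeners(ss_lines))
    return [(pid, exe, pid in listeners) for pid, exe in suspicious_processes(ps_lines)]
```

A process that matches both indicators (here pid 1337) is the strongest signal; a temp-dir binary alone still warrants a closer look, since the port can change between builds.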

The usual security advice applies if you want to ensure your devices are not part of the next botnet attack: change your default passwords, and switch off any remote service access when it is not required (where the device allows it). 

What are your thoughts about the growth of IoT botnets? Let us know in the comments.

