Mozi botnet behind massive spike in IoT device attacks

Researchers at IBM X-Force are raising the alarm about a botnet that is targeting the Internet of Things. According to a lengthy research blog post, the Mozi botnet is showing a massive spike in attacks. Mozi has been active since 2019, and IBM X-Force researchers note that its activity has accounted for 90 percent of IoT network traffic from October 2019 through June 2020. It brings to mind the infamous Mirai botnet, which wreaked havoc on IoT devices four years ago.

The Mozi botnet works not by fighting the competition but by eclipsing it through sheer volume. IBM researchers explain this, as well as how the botnet operates, as follows:

Mozi did not remove competitors from the market. Rather, it flooded the market, dwarfing other variants’ activity. Overall, combined IoT attack instances from October 2019, when attacks began to notably increase, through June 2020 is 400% higher than the combined IoT attack instances for the previous two years... Mozi continues to be successful largely through the use of command injection (CMDi) attacks, which often result from the misconfiguration of IoT devices.

IBM X-Force postulates that a large part of the spike comes down to two related issues. There is a continuous uptick in global IoT device usage, and a great deal of this may be due to the COVID-19 pandemic. With the entire world shifting to remote work, and even remote leisure time, IoT devices are connected to the global network in unprecedented numbers. This makes it easy for the attackers behind the Mozi botnet to take advantage of new users who are liable to make mistakes (such as misconfiguring their devices).
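The article does not describe how a defender would spot the command-injection (CMDi) attempts it attributes to Mozi, so the following is an added example, not code from the article or from IBM X-Force. It scans web-server access-log lines from an IoT device's management interface, URL-decodes each query parameter (twice, to catch double-encoded values) and flags values carrying shell syntax such as `;`, `|`, backticks or `$( )`. The log lines, IP addresses, CGI paths and parameter names are all constructed for the example and are not taken from real Mozi traffic.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample lines in common log format (not real Mozi traffic);
# hosts, paths and parameter names are illustrative only.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2020:08:14:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [10/Nov/2020:08:14:05 +0000] "GET /cgi-bin/ping.cgi?host=192.0.2.1 HTTP/1.1" 200 88
198.51.100.4 - - [10/Nov/2020:08:14:09 +0000] "GET /cgi-bin/ping.cgi?host=192.0.2.1%3Bid HTTP/1.1" 200 88
198.51.100.4 - - [10/Nov/2020:08:14:11 +0000] "GET /setup.cgi?next_file=%2560id%2560 HTTP/1.1" 404 0
"""

# Common log format: client, identd, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Shell command separators and command-substitution forms that have no
# business appearing in a hostname or file-name parameter.
CMDI_RE = re.compile(r'(?:;|\|\||&&|\|)\s*\S|`[^`]*`|\$\([^)]*\)')


def parse_line(line):
    """Split one access-log line into its fields, or return None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_params(target):
    """Return (param, decoded_value) pairs whose value carries shell syntax."""
    query = urlsplit(target).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl already percent-decoded once; a second pass also
        # exposes double-encoded payloads such as %253B.
        decoded = unquote_plus(value)
        if CMDI_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan(log_text):
    """Return one record per request whose parameters look like CMDi attempts."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        hits = suspicious_params(entry["target"])
        if hits:
            flagged.append({"ip": entry["ip"], "ts": entry["ts"],
                            "target": entry["target"], "hits": hits})
    return flagged


def summarize(flagged):
    """Count flagged requests per source IP, a cheap triage view."""
    counts = {}
    for record in flagged:
        counts[record["ip"]] = counts.get(record["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for record in scan(SAMPLE_LOG):
        print(record["ts"], record["ip"], record["target"], record["hits"])
    print(summarize(scan(SAMPLE_LOG)))
```

The benign `host=192.0.2.1` request passes untouched, while the two requests from the second client are flagged: one for a `;`-separated command, the other for a double-encoded backtick substitution that a single decode would have missed. In practice the match list feeds a ticket or a block rule, and the parameter-level report shows which CGI endpoint needs its input validation fixed.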

Mozi is peer-to-peer (P2P) botnet malware, and if current research is to be believed, P2P-based botnets are on the rise, with Mozi the most prominent among them. With the world adapting to a new reality, cybercriminals are clearly adapting as well. Mozi will likely be on researchers' minds for some time, and with good reason.

Featured image: Flickr/qubodup

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating a society informed about information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

