Researchers at IBM X-Force are raising the alarm about a botnet that is targeting the Internet of Things. According to a lengthy research blog post, the Mozi botnet is showing a massive spike in attacks. Mozi has been active since 2019, and IBM X-Force researchers note that its activity has accounted for 90 percent of IoT network traffic from October 2019 through June 2020. It brings to mind the infamous Mirai botnet, which wreaked havoc on IoT devices four years ago.
Mozi botnet works by not fighting the competition, but rather eclipsing it by sheer force. IBM researchers explain this concept, as well as how the botnet functions, as follows:
Mozi did not remove competitors from the market. Rather, it flooded the market, dwarfing other variants’ activity. Overall, combined IoT attack instances from October 2019, when attacks began to notably increase, through June 2020 is 400% higher than the combined IoT attack instances for the previous two years… Mozi continues to be successful largely through the use of command injection (CMDi) attacks, which often result from the misconfiguration of IoT devices.
The IBM X-Force postulates that a large reason for the spike has to do with two related issues. There is a continuous uptick of global IoT device usage, and a great deal of this may be due to the COVID-19 pandemic. With the entire world shifting to remote work, and even remote leisure time, there is an unprecedented IoT global network connection. This makes it easy for attackers behind the Mozi botnet to take advantage of new users who are liable to make mistakes (such as misconfiguring their devices).
Mozi is a botnet that functions as a peer-to-peer network malware, and if current research is to be believed, P2P-based botnets are on the rise (with Mozi being the most prominent). With the world adapting to a new reality, cybercriminals are clearly adapting as well. Mozi will likely be on researchers’ minds for some time, and with good reason.
Featured image: Flickr/