A new strain of malware – Linux/Shishiga is targeting IoT and leverages weak, default credentials to insert itself into systems through a bruteforce attack. Bob Noel, Director of Strategic Relationships and Marketing at Plixer International commented below.
Bob Noel, Director of Strategic Relationships and Marketing at Plixer International:
“Linux/Shishiga is a recent example of malware written to focus on vulnerable IoT devices. Like many other forms of botnet malware that have proceeded it, such as Mirai and Hajime, Shishiga targets IoT devices which use default Telnet and SSH credentials. Through a brute force attack, it can gain access to IoT devices. Once compromised the IoT device will set up an HTTP server which communicates over TCP port 8888. In addition, the BitTorrent protocol is used to look for new versions of Shishiga files, so the malware on the device can be updated with the latest version. Via a recent scan of the Internet, conducted by censys, only 10 IP addresses were found using TCP port 8888. This is a strong indication that there are very few Shishiga infections currently in the wild. The code however is being updated and changed indicating it’s still a work in progress.The important take away here for every organization is that no device should ever be deployed without changing the default username and password credentials. Failing to do so is inviting trouble. In addition, Network Traffic Analytics systems should be deployed to monitor traffic to and from IoT devices, ensuring all communication falls within least privilege. In the case of Shishiga, any traffic using port 8888 should be an immediate flag to IT that a device is compromised.”