OMG Botnet (Mirai Variant Turns IoT Devs Into Proxy Servers)

By   ISBuzz Team
Writer , Information Security Buzz | Feb 26, 2018 12:00 pm PST

In response to reports by the FortiGuard Labs team on the emergence of the OMG botnet, a new Mirai variant that seeks to turn IoT devices into proxy servers – two cybersecurity experts commented below.

Sean Newman, Director Product Management at Corero Network Security:

“We’re used to seeing Mirai variants being used to commandeer IoT devices across the Internet and then focus a DDoS attack from them on a specific target somewhere else on the Internet.

“By contrast, this OMG variant seems to look for vulnerable IoT devices within a target organisation and then plant a proxy on them, so that the IoT device can be used as a gateway into that organisation’s network, to perform other nefarious activities – likely relating to searching for and exfiltrating sensitive information.

“Today’s DDoS attacks are often used as a smokescreen, designed to distract IT teams from more serious network intrusions and data theft. But this may be the first example of an IoT botnet which can both launch a DDoS attack smokescreen and also simultaneously enable more nefarious activities.  To protect against these sophisticated threats, it’s essential to include always-on DDoS mitigation as part of a layered defence strategy to detect and defend against malicious activity on your network, as it occurs.”

Gabriel Gumbs, VP of Product Strategy at STEALTHbits Technologies:

“Illicit proxy servers are the digital version of a “fence” – think Jack Jeebs (played by Tony Shalhoub) in Men in Black, who ran a pawn shop which dealt in stolen goods. The trouble with speculating about what the bad guys may be using these proxy servers for is that they can be used for many things. The Pentagon is bracing for increased DDoS activity, which this botnet could certainly play a role in. They could also be harvesting credentials for use in other attacks. Given the current zeitgeist, these illicit digital outposts could easily be setting up shop to be used as part of a disinformation campaign aimed at the US 2018 midterm elections. I would not be quick to try and attach motive.

“In a digital world of whack-a-mole, insecure IoT devices are at this point largely being ignored as tools that can be used for more than just DDoS activities. They are not to be ignored, and hopefully the naysayers are well past calling IoT a passing trend.”