Internet of Things (IoT) devices running on the open-source Linux OS are under attack from NyaDrop.
The attack loads malware on IoT devices lacking appropriate security after brute forcing default login credentials, according to a report by David Bisson for Graham Cluley Security News. The code achieves this by parsing its list of archived usernames and passwords. Once authenticated, NyaDrop is installed. The lightweight binary then loads other malware onto the infected device.
Most susceptible are DVRs, CCTV cameras and similar IoT devices whose MIPS systems use a 32-bit CPU architecture. Complicating matters for security professionals, NyaDrop deletes itself each time it logs into an MIPS system and then loads updates to evade detection. Bisson pointed out that anti-virus tools have been ineffective in stopping the malware.
However, while NyaDrop has been successful in evading detection, it has not gone unnoticed. Bisson said it surfaced in May but at that point was so poorly coded it was incapable of launching. In September, though, a new iteration was used as part of the Mirai botnet in attacking the website of security researcher Brian Krebs, likely in retaliation for his exposés into cyberthreats. In that instance, the distributed denial-of-service (DDoS) attack was “among the biggest assaults the internet has ever witnessed,” Krebs wrote.
Users of IoT devices should change their default login credentials and set up strong usernames and passwords to prevent this attack as well as expected future threats, Bisson advised.