Mozi, a P2P botnet well known for targeting IoT devices, is now capable of persisting on network gateways manufactured by Netgear, Huawei, and ZTE.

Researchers at the Microsoft Security Threat Intelligence Center found that Mozi targets these network gateways because they are attractive to adversaries: they are ideal access points into corporate networks. Azure Defender also assesses that, by infecting the routers, the operators can perform man-in-the-middle (MITM) attacks. Through HTTP hijacking and DNS spoofing, they can further disable endpoints in order to deploy ransomware.

Mozi first appeared in December 2019. It is known for tampering with routers and digital video recorders and turning them into an IoT botnet used for DDoS attacks, data exfiltration, and payload execution. It was assembled from the source code of several malware families, including Gafgyt, Mirai, and IoT Reaper. Mozi gains entry through weak and default remote access passwords, and also through unpatched vulnerabilities.

Mozi uses the same mechanism as P2P file-sharing clients, a Distributed Hash Table (DHT), to record the contact details of its peers. It follows a 10-step cycle, from searching for a target to infiltrating the system, deploying the botnet, and finally demanding ransom.
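To make the DHT contact-table mechanism mentioned above concrete, here is an added illustration of a minimal Kademlia-style routing table. It is example code written for this page, not Mozi's implementation and not the code of any of the referenced projects; the ID width, bucket size, node IDs and peer addresses are constructed toy values. It shows how a peer records contacts by XOR distance from its own ID and how it finds the contacts nearest to a lookup target, which is the behaviour a defender sees as DHT traffic from an infected gateway.

```python
# Added illustration (not Mozi's code): a minimal Kademlia-style DHT contact
# table, the kind of structure P2P clients use to record peer contact details.
# ID width, bucket size and the sample peers are constructed for this example.
from dataclasses import dataclass
from typing import List

ID_BITS = 16          # toy ID width; real DHTs use far wider (e.g. 160-bit) IDs
K = 3                 # contacts kept per bucket (hypothetical small value)


@dataclass(frozen=True)
class Contact:
    node_id: int
    host: str
    port: int


def xor_distance(a: int, b: int) -> int:
    """Kademlia distance metric: XOR of the two node IDs."""
    return a ^ b


def bucket_index(local_id: int, other_id: int) -> int:
    """Bucket chosen by the highest differing bit between the two IDs."""
    d = xor_distance(local_id, other_id)
    if d == 0:
        raise ValueError("a node does not store itself")
    return d.bit_length() - 1   # 0 .. ID_BITS-1


class RoutingTable:
    def __init__(self, local_id: int) -> None:
        self.local_id = local_id
        self.buckets: List[List[Contact]] = [[] for _ in range(ID_BITS)]

    def add(self, c: Contact) -> bool:
        """Record a contact. Returns False when the bucket is full (the
        contact is dropped; a real node would ping the oldest entry first)."""
        if c.node_id == self.local_id:
            return False
        bucket = self.buckets[bucket_index(self.local_id, c.node_id)]
        for i, existing in enumerate(bucket):
            if existing.node_id == c.node_id:
                # Known peer: move it to the tail as most recently seen.
                bucket.append(bucket.pop(i))
                return True
        if len(bucket) >= K:
            return False
        bucket.append(c)
        return True

    def closest(self, target_id: int, n: int = K) -> List[Contact]:
        """The n known contacts nearest to target_id under XOR distance."""
        everyone = [c for b in self.buckets for c in b]
        everyone.sort(key=lambda c: xor_distance(c.node_id, target_id))
        return everyone[:n]

    def size(self) -> int:
        return sum(len(b) for b in self.buckets)


def build_sample_table() -> RoutingTable:
    """Constructed sample: local node 0x1234 learns about five peers."""
    table = RoutingTable(0x1234)
    for nid, host in [(0x1235, "10.0.0.2"), (0x1236, "10.0.0.3"),
                      (0x1237, "10.0.0.4"), (0x1230, "10.0.0.5"),
                      (0x9ABC, "10.0.0.6")]:
        table.add(Contact(nid, host, 6881))
    return table


if __name__ == "__main__":
    t = build_sample_table()
    print("contacts recorded:", t.size())
    for c in t.closest(0x1236, 2):
        print(f"near 0x1236: 0x{c.node_id:04x} at {c.host}:{c.port}")
```

The point for a defender is that each infected node keeps its own small, self-maintained contact table and never needs a central server, which is why blocking a single command-and-control address does not dismantle a DHT-based botnet; the bucket-full branch in `add` shows the table is bounded, so a bot only ever knows a sample of the network.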
These 10 steps are:
- Internet scan (searching for the target)
- Identify targets (target chosen)
- Exploit path (gaining access)
- Deploy Mozi (dropping the malware onto the system)
- Enable persistence (infiltrating the malware into the system)
- Maintain persistence (obstructing server configuration changes)
- Block remediation (preventing remote access)
- Deploy exploit kits (malware moving into the mainstream)
- Increase target speed (corrupting other streams)
- Demand ransom (main and final step)
An IBM X-Force analysis found that the Mozi botnet is responsible for nearly 90% of IoT-based attacks. The malware is also observed to be strengthening itself over time, both to increase its chances of survival and to gain access to new channels and gateways, opening up an entirely different world to exploit.