Monitoring and Characterization of Bashlite Botnets on IoT Devices
Abstract
The use of botnets, networks composed of malware-infected devices, for malicious activities such as denial-of-service attacks and spam/phishing distribution causes billion-dollar losses every year. The growth of the Internet of Things, combined with the weak security of its devices, has provided attackers with a rich environment for building botnets. To combat such networks, it is essential to understand their behavior. In this work we monitor widespread IoT-based Bashlite botnets using a network of low-interaction honeypots. We analyze both the scanning and infection of vulnerable devices and the command flow sent to infected devices by their controllers. Our results suggest that these botnets rely on infrastructure providers, that most infections use unmodified publicly available source code, and that attacks are concentrated on specific targets.
