Monitoramento e Caracterização de Botnets Bashlite em Dispositivos IoT
ResumoThe use of botnets, networks composed of malware-infected devices, for malicious activities, such as denial-of-service attacks and spam/phishing distribution, causes billion-dollar losses every year. The growth of the Internet of Things, combined with the low security of its devices, has provided invaders with a rich environment for the creation of botnets. To combat such networks, it is essential to understand their behavior. In this work we monitor widespread IoT-based Bashlite botnets using a network of low-interactivity honeypots. We analyzed both the scanning and infection of vulnerable devices as well as the command flow sent to infected devices by their controllers. Our results suggest that botnets rely on infrastructure providers, that most of the infections use unmodified publicly-available source code, and that there is a concentration of attacks on specific targets.
MARZANO, Artur et al. Monitoramento e Caracterização de Botnets Bashlite em Dispositivos IoT. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 36. , 2018, Campos do Jordão. Anais do XXXVI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos. Porto Alegre: Sociedade Brasileira de Computação, may 2018 . ISSN 2177-9384.