Mozi IoT Botnet: Here’s What MSSPs Need to Know

Black Lotus Labs, the threat research and operations arm of CenturyLink, has identified a malware family that uses a botnet to launch distributed denial-of-service (DDoS) attacks and other malicious activities against Internet of Things (IoT) devices.

The malware family, dubbed "Mozi," consists of code from the Gafgyt, Mirai and IoT Reaper malware families, Black Lotus Labs noted. It targets IoT devices that are either unpatched or have weak telnet passwords and can form a peer-to-peer (P2P) botnet capable of DDoS attacks, data exfiltration and command or payload execution.

Mozi grew from 323 unique nodes on Dec. 27, 2019 to 2,191 nodes on Feb. 4, 2020, Black Lotus Labs indicated. Furthermore, Black Lotus Labs has observed over 15,858 unique Mozi nodes over the last four months.

How to Mitigate a Mozi Attack

Black Lotus Labs offers the following recommendations to secure IoT devices against the Mozi botnet:

  • Implement effective passwords.
  • Restrict IoT device access.
  • Patch IoT devices regularly.

In addition, Black Lotus Labs is monitoring the Mozi botnet and trying to determine the exact number of P2P nodes associated with it. Black Lotus Labs also is exploring ways to disrupt and slow the botnet's growth.

MSSPs Launch IoT Security Solutions

Meanwhile, cybersecurity firms are taking new steps to safeguard IoT systems. For instance:

  • Deloitte in April 2020 added Nozomi Networks IoT security solutions to its Cyber Risk services portfolio. In doing so, Deloitte now provides Nozomi Networks' IoT security solutions via its Cyber Intelligence Centers in EMEA.
  • IBM in March 2020 released X-Force Threat Management (XFTM) services for IoT environments. Security teams can use XFTM services to identify, track and manage IoT threats, gain insights into IoT devices and secure them accordingly.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.