Security

Trend Micro has detected a new Internet of Things (IoT) botnet malware called Persirai. It was recently discovered targeting over 120,000 Internet Protocol (IP) cameras identified via Shodan as vulnerable to Persirai. Trend Micro also provides solutions to protect against this threat.
IP cameras typically use Universal Plug and Play (UPnP), which allows devices to open a port on the router and act like a server, making them highly visible targets for IoT malware. After logging into the vulnerable interface, the attacker can perform a command injection to force the IP camera to connect to a download site. After receiving commands from the server, the IP camera will then start automatically attacking other IP cameras by exploiting a zero-day vulnerability that was made public a few months ago. Attackers exploiting this vulnerability will be able to get the password file from the user, providing them the means to do command injections regardless of password strength. Moreover, the affected IP camera receives a command from the C&C server, instructing it to perform a DDoS attack on other computers via User Datagram Protocol (UDP) floods.
Persirai can perform a User Datagram Protocol (UDP) DDoS attack with SSDP packets without spoofing its IP address. Trend Micro found that the C&C servers were using the .IR country code. This specific country code is managed by an Iranian research institute, which restricts it to Iranians only; the malware author also used some special Persian characters.
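Because the SSDP flood described above is sent without spoofed source addresses, flow records at the router show the real LAN address of the sending camera. The following is an added detection sketch, not code from Trend Micro or the original article; the flow record format, the LAN range, the window and the threshold are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the home/office LAN range; adjust to the monitored network.
LAN = ipaddress.ip_network("192.168.1.0/24")

def build_sample_flows():
    """Constructed flow records: epoch_seconds,src_ip,dst_ip,proto,dst_port."""
    rows = ["1000,192.168.1.20,239.255.255.250,udp,1900"] * 3   # normal SSDP discovery (multicast)
    rows += [f"{1000 + i // 5},192.168.1.50,203.0.113.7,udp,1900" for i in range(40)]  # flood
    rows += ["1000,192.168.1.30,198.51.100.9,udp,1900",          # two stray packets
             "1100,192.168.1.30,198.51.100.9,udp,1900",
             "1002,192.168.1.50,198.51.100.9,tcp,80"]            # unrelated traffic
    return "\n".join(rows)

def leaves_lan(dst):
    """True when the destination is neither on the LAN nor SSDP-style multicast."""
    addr = ipaddress.ip_address(dst)
    return addr not in LAN and not addr.is_multicast

def find_ssdp_flooders(flows_text, window=10, threshold=20):
    """Return {lan_host: peak packet count} for hosts sending UDP/1900 off-LAN
    at or above `threshold` packets within any `window`-second span."""
    hits = defaultdict(list)
    for line in flows_text.strip().splitlines():
        ts, src, dst, proto, dport = line.split(",")
        if proto != "udp" or int(dport) != 1900:
            continue
        if ipaddress.ip_address(src) in LAN and leaves_lan(dst):
            hits[src].append(int(ts))
    flagged = {}
    for src, stamps in hits.items():
        stamps.sort()
        start = peak = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] >= window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(find_ssdp_flooders(build_sample_flows()))
```

Legitimate SSDP discovery stays on the local multicast group, so sustained UDP/1900 traffic to off-LAN unicast addresses from a camera is a strong signal that the device should be isolated and its firmware checked.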
The targeted IP camera models are based on various Original Equipment Manufacturer (OEM) products. This development comes on the heels of Mirai that caused some of the most notable incidents of 2016 via Distributed Denial-of-Service (DDoS) attacks that compromised IoT devices such as Digital Video Recorders (DVRs) and CCTV cameras—as well as the Hajime botnet.
“The burden of IoT security does not rest on the user alone—it’s also dependent on the vendors themselves, as they should be the ones responsible for making sure that their devices are secure and always updated. In line with this, users should make sure that their devices are always updated with the latest firmware to minimize the chance of vulnerability exploits. Users can look into solutions such as Trend Micro Security and Trend Micro Internet Security, which offer effective protection for threats to IoT devices using security features that can detect malware at the endpoint level,” said Nilesh Jain, Country Manager (India and SAARC), Trend Micro. “Connected devices are protected by security solutions such as Trend Micro Home Network Security, which can check internet traffic between the router and all connected devices. In addition, enterprises can monitor all ports and network protocols to detect advanced threats and protect from targeted attacks via Trend Micro Deep Discovery Inspector.”