The source code of the Satori internet-of-things (IoT) botnet was posted on Pastebin, security researchers reported. In early December last year, Satori affected 280,000 IP addresses in just 12 hours, ensnaring numerous home routers into its botnet.
Satori (also known as Mirai Okiru, and detected by Trend Micro as ELF_MIRAI.AUSR) means “enlightenment” or “awakening” in Japanese (“okiru” means “to rise”). It was pegged to be the successor of the infamous Mirai botnet, which similarly zombified routers and knocked high-profile sites offline. As with Satori, the source code of the original Mirai was also released publicly, and it has since spawned iterations. Mirai-based attacks were recently spotted in Colombia, Ecuador, Panama, Egypt, Tunisia, and Argentina.
Satori exploits two vulnerabilities:
Initial feedback from Trend Micro’s telemetry revealed over 170,000 Satori-related detections in December 2017. The Satori-related attacks were prominent in Europe (Italy, France), North Africa and the Middle East (Tunisia, Egypt), and South America (Colombia, Ecuador), as well as the U.S. and Japan.
Satori is a credible threat given the increasing popularity of IoT devices in homes and workplaces, and the adverse impact they can cause when compromised. Distributed denial-of-service (DDoS) attacks, Domain Name System (DNS)-changing malware, and cryptocurrency-mining malware are just some of the threats users and businesses can be exposed to. IoT devices can also suffer from significant performance slowdowns.
Here are some best practices for making routers and networks more resistant to attacks:
Trend Micro Smart Home Network (SHN) provides an embedded network security solution that protects all devices connected to a home network against cyberattacks. Based on Trend Micro’s rich threat research experience and industry-leading deep packet inspection (DPI) technology, SHN offers intelligent quality of service (iQoS), parental controls, network security and more.
Trend Micro™ Deep Discovery™ provides detection, in-depth analysis, and proactive response to attacks using exploits and other similar threats through specialized engines, custom sandboxing, and seamless correlation across the entire attack lifecycle, allowing it to detect these kinds of attacks even without any engine or pattern update. These solutions are powered by XGen™ security, which provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. Smart, optimized, and connected, XGen™ powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.
Trend Micro Deep Discovery Inspector protects customers from Satori-related threats through these DDI rules:
Trend Micro Smart Home Network protects customers from Satori-related threats through these detection rules: