Category: Blog

COVID-19 originated in Wuhan, China and spread rapidly. With strict quarantine measures China seems to have stemmed the growing tide of new cases, capping the overall impact to just over 82,000 known cases and 3,322 deaths. The US is now home to the largest number of Coronavirus cases, with over 234,000 confirmed cases and 5,607 deaths. What comes next is anyone’s guess.

A crisis of this nature, precisely because it is unprecedented and shared by all parts of the globe in its impact, will bring forth a reckoning in its aftermath. People across the world will now see how the politicians, system, technologies and values of the United States did in contrast to those of Germany, the U.K., China and elsewhere. Is the US still the leader? Do we have a science-minded government and society that is well positioned to deal not only with COVID-19, but also the general threat of fast-spreading future pandemics? Are we capable not only of controlling the crisis at home, but reaching out to those nations of the world who do not have intrinsic capacity and are likely to be overwhelmed? Will the scientific breakthroughs come from the US or from elsewhere?

So far, it does not appear that we have handled this crisis in anywhere near an exemplary manner. Our politicians continue trading barbs and the system has not proved itself one which enables all sides to come together quickly in the greatest public interest. As Ed Yong, writing for The Atlantic, puts it, “Rich, strong, developed, America is supposed to be the readiest of nations. That illusion has been shattered. Despite months of advance warning as the virus spread in other countries, when America was finally tested by COVID-19, it failed.”

The Mozi botnet, a peer-to-peer (P2P) malware, has haunted Internet of Things (IoT) devices since first being identified in late 2019. And from October 2019 to June 2020, the botnet accounted for 90% of observed IIoT network traffic. In simpler terms, Mozi dwarfs activity from other similar malware, and is a painful reminder of the Mirai botnet, which unleashed sweeping attacks around the globe in 2016.

A very real threat, the Mozi botnet uses command injection to compromise devices and has four major capabilities. It can:

Conduct distributed denial-of-service attacks (HTTP, TCP, UDP)
Carry out command execution attacks
Download malicious payload from specified URLs and execute it
Gather bot information

Though similar to the Mirai attack, the Mozi botnet appears to be sourced from China. It is also slightly different from Mirai in that it targets reduced instruction set computer (RISC)-based CPUs (MIPS/ARM) specifically, which have replaced x86 based IoT devices. Diving into the virus specifically it is pretty standard:

UPX packed to reduce payload size
Kills other processes to ensure the 2 ports it needs are open (modifies IP tables to help ensure it is
the only botnet on the device)
Uses Telnet coupled with a small dictionary of passwords commonly used in IoT devices

According to Juniper Research, the total number of IoT connections will reach 83 billion by 2024, and the industrial sector is expected to make up more than 70% of those connections. As the botnet continues to grow, players in the industrial space need to take extra measures to protect their most critical IIoT assets. Certain cyber defense measures such as creating strong passwords or reinstalling operating systems and applications simply aren’t proactive and future-proof enough to prevent a devastating attack.

However, industrial companies can leverage a scalable, artificial intelligence (AI)-powered solution to protect their assets and their operations. Our DeepArmor® Industrial cybersecurity product employs advanced software to protect operational technology (OT) environments from advanced cyber attacks such as the Mozi botnet.

If you had the DeepArmor Industrial product installed, you could effectively catch the initial payload before any command-and-control attacks occur and compromise your entire OT network. Even better, the DeepArmor Industrial product could quarantine the Mozi threat before it has a chance to execute, preventing the threat from the get-go. Our product’s ELF model catches the initial attack with 99.87% confidence. This will enable your operations to remain up and running and avoid significant production or safety costs.

The Mozi botnet, a peer-to-peer (P2P) malware, has haunted Internet of Things (IoT) devices since first being identified in late 2019. And from October 2019 to June 2020, the botnet accounted for 90% of observed IIoT network traffic. In simpler terms, Mozi dwarfs activity from other similar malware, and is a painful reminder of the Mirai botnet, which unleashed sweeping attacks around the globe in 2016.

A very real threat, the Mozi botnet uses command injection to compromise devices and has four major capabilities. It can:

Conduct distributed denial-of-service attacks (HTTP, TCP, UDP)
Carry out command execution attacks
Download malicious payload from specified URLs and execute it
Gather bot information

Though similar to the Mirai attack, the Mozi botnet appears to be sourced from China. It is also slightly different from Mirai in that it targets reduced instruction set computer (RISC)-based CPUs (MIPS/ARM) specifically, which have replaced x86 based IoT devices. Diving into the virus specifically it is pretty standard:

UPX packed to reduce payload size
Kills other processes to ensure the 2 ports it needs are open (modifies IP tables to help ensure it is
the only botnet on the device)
Uses Telnet coupled with a small dictionary of passwords commonly used in IoT devices

According to Juniper Research, the total number of IoT connections will reach 83 billion by 2024, and the industrial sector is expected to make up more than 70% of those connections. As the botnet continues to grow, players in the industrial space need to take extra measures to protect their most critical IIoT assets. Certain cyber defense measures such as creating strong passwords or reinstalling operating systems and applications simply aren’t proactive and future-proof enough to prevent a devastating attack.

However, industrial companies can leverage a scalable, artificial intelligence (AI)-powered solution to protect their assets and their operations. Our DeepArmor® Industrial cybersecurity product employs advanced software to protect operational technology (OT) environments from advanced cyber attacks such as the Mozi botnet.

If you had the DeepArmor Industrial product installed, you could effectively catch the initial payload before any command-and-control attacks occur and compromise your entire OT network. Even better, the DeepArmor Industrial product could quarantine the Mozi threat before it has a chance to execute, preventing the threat from the get-go. Our product’s ELF model catches the initial attack with 99.87% confidence. This will enable your operations to remain up and running and avoid significant production or safety costs.

The Mozi botnet, a peer-to-peer (P2P) malware, has haunted Internet of Things (IoT) devices since first being identified in late 2019. And from October 2019 to June 2020, the botnet accounted for 90% of observed IIoT network traffic. In simpler terms, Mozi dwarfs activity from other similar malware, and is a painful reminder of the Mirai botnet, which unleashed sweeping attacks around the globe in 2016.

A very real threat, the Mozi botnet uses command injection to compromise devices and has four major capabilities. It can:

Conduct distributed denial-of-service attacks (HTTP, TCP, UDP)
Carry out command execution attacks
Download malicious payload from specified URLs and execute it
Gather bot information

Though similar to the Mirai attack, the Mozi botnet appears to be sourced from China. It is also slightly different from Mirai in that it targets reduced instruction set computer (RISC)-based CPUs (MIPS/ARM) specifically, which have replaced x86 based IoT devices. Diving into the virus specifically it is pretty standard:

UPX packed to reduce payload size
Kills other processes to ensure the 2 ports it needs are open (modifies IP tables to help ensure it is
the only botnet on the device)
Uses Telnet coupled with a small dictionary of passwords commonly used in IoT devices

According to Juniper Research, the total number of IoT connections will reach 83 billion by 2024, and the industrial sector is expected to make up more than 70% of those connections. As the botnet continues to grow, players in the industrial space need to take extra measures to protect their most critical IIoT assets. Certain cyber defense measures such as creating strong passwords or reinstalling operating systems and applications simply aren’t proactive and future-proof enough to prevent a devastating attack.

However, industrial companies can leverage a scalable, artificial intelligence (AI)-powered solution to protect their assets and their operations. Our DeepArmor® Industrial cybersecurity product employs advanced software to protect operational technology (OT) environments from advanced cyber attacks such as the Mozi botnet.

If you had the DeepArmor Industrial product installed, you could effectively catch the initial payload before any command-and-control attacks occur and compromise your entire OT network. Even better, the DeepArmor Industrial product could quarantine the Mozi threat before it has a chance to execute, preventing the threat from the get-go. Our product’s ELF model catches the initial attack with 99.87% confidence. This will enable your operations to remain up and running and avoid significant production or safety costs.