April 20, 2017 By Mark Samuels 2 min read

A new worm is battling botnets and other malicious threats to take control of the Internet of Things (IoT). The malware, known as Hajime, appears to have been created by a vigilante attempting to improve IoT device security. Rapidty Networks discovered Hajime in October 2016, but only recently found that the malware is not being used against IoT devices errantly.

Hajime could help IT decision-makers and their organizations embrace the new era of connectivity associated with IoT devices. However, its positive impact is likely to be temporary, and business leaders should recognize that there is no substitute for good management practices.

What Is Hajime?

Ars Technica explained that Hajime’s discovery followed in the wake of a similar IoT device botnet known as Mirai, which was associated with record-setting distributed denial-of-service (DDoS) attacks last year.

Like Mirai, Hajime spreads via unsecured devices that have open Telnet ports and rely on default passwords. However, Hajime is built on a peer-to-peer network and propagates across other machines over time. It is also more advanced than Mirai, and takes many steps to conceal its processes and hide its files.

According to Symantec, Hajime has spread quickly since its initial discovery. Although it is tough to guess at the size of the peer-to-peer network, the firm estimated that the worm had affected tens of thousands of IoT devices.

Good News or Bad News for IoT Devices?

Symantec tracked infections worldwide during the past six months and found large numbers of installations in Brazil and Iran. However, this spread is not necessarily bad news: The researchers noted that Hajime is using its self-replication module to fight Mirai and other IoT device botnets.

The giveaway is that Hajime is missing notable negative features. The worm does not have any DDoS capabilities or attacking code. Instead, it simply draws a statement about white-hat hacking from its controller and presents a message on screen approximately every 10 minutes.

In fact, the installed worm works to improve IoT device security. It blocks access to ports 23, 7547, 5555 and 5358, which are known to host potentially exploitable services, Symantec reported. Mirai, for example, is known to target these ports.

What Are the Lessons for IT Decision-Makers?

Hajime has undoubtedly helped in the fight against Mirai and other IoT malware. Other white-hat worms, such as Linux.Wifatch and BrickerBot, have also attempted to secure devices or take systems offline. Bleeping Computer suggested that, in an era where IoT vendors do not seem interested in device security, vigilante malware could become widespread.

While these worms can help in the fight against malicious threats, IT decision-makers cannot take their assistance for granted. Symantec suggested that these tools have a short lifespan — once the IoT device is rebooted, it returns to its unsecured state. The firm also questioned whether it is wise for businesses to rely on the work of an unknown white-hat hacker whose intentions could change.

Users of IoT devices to take steps to avoid infection. These best practices include researching capabilities and security features, performing an audit of IoT devices on an enterprise network, changing default credentials on devices, and using strong and unique passwords for accounts and networks.

More from

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today