HiatusRAT Malware: A Rising Threat to IoT Devices
12/20/2024


The digital world is buzzing with yet another alarming cybersecurity development. The FBI has recently raised concerns about the HiatusRAT malware, which is now taking aim at vulnerable IoT devices, particularly web cameras and DVRs. If you rely on such devices at home or in your organization, this is your call to action: it’s time to prioritize your cybersecurity defenses.
What is HiatusRAT?
HiatusRAT (Remote Access Trojan) is a malicious program designed to give cybercriminals remote control over infected devices. Initially, this malware targeted network edge devices with outdated software, but it has expanded its reach to include IoT devices. These devices often have weaker security measures, making them attractive targets for exploitation.
The malware exploits vulnerabilities such as CVE-2017-7921 and CVE-2018-9995, which remain widespread in older or poorly secured devices. In some cases, attackers gain access simply because devices still use default or weak passwords.
How Does the Attack Work?
The attackers behind HiatusRAT have a specific modus operandi:
Targeted Devices: The malware primarily focuses on Chinese-branded web cameras and DVRs, particularly those from Hikvision and Xiongmai.
Vulnerability Exploitation: The attackers scan for devices with specific exposed TCP ports (e.g., 23, 26, 554, 8080) to identify and compromise targets.
Use of Tools: Open-source tools like Ingram (a vulnerability scanner) and Medusa (a brute-force tool) are employed to breach these devices.
Once a device is compromised, it can be used as an entry point into larger networks, opening the door for surveillance, data theft, or launching broader attacks.
Why Should You Care?
This isn’t just an isolated technical issue—it’s a growing threat with serious implications. IoT devices like web cameras and DVRs are often integrated into critical systems. A single breach could expose sensitive information or disrupt operations. Worse, attackers could use compromised devices to infiltrate more secure areas of a network.
How to Protect Yourself
To combat this threat, take the following steps:
Keep Firmware Updated: Regularly check for and install firmware updates for your IoT devices. Manufacturers often release updates to fix security vulnerabilities.
Change Default Passwords: Ensure all devices have strong, unique passwords. Default credentials are an open invitation to attackers.
Disable Unused Features: Turn off services like Telnet if they are not in use. Reducing the number of active features minimizes attack vectors.
Isolate IoT Devices: Segment IoT devices from critical parts of your network to prevent lateral movement in case of a breach.
Monitor Network Activity: Keep an eye on unusual traffic or device behavior. Early detection is key to stopping an attack in progress.
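One way to act on the "Monitor Network Activity" step, as an added example that is not part of the original article: a Python check that reads connection-log lines and flags outside sources that sweep the ports listed above or connect repeatedly to one of them. The log format, the 10.20.0.0/24 camera segment, the thresholds and the name find_suspects are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Ports the article lists as scanned for (e.g., 23, 26, 554, 8080).
WATCHED_PORTS = {23, 26, 554, 8080}
# Assumption: cameras and DVRs sit in this dedicated segment.
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample connection log; assumed format: "<epoch> <src> <dst> <dport>".
SAMPLE_LOG = """\
1734690000 203.0.113.7 10.20.0.11 23
1734690001 203.0.113.7 10.20.0.11 26
1734690002 203.0.113.7 10.20.0.11 554
1734690003 203.0.113.7 10.20.0.11 8080
1734690010 10.20.0.5 10.20.0.11 554
1734690020 192.0.2.50 10.20.0.11 443
1734690021 192.0.2.50 10.30.0.4 23
1734690030 198.51.100.9 10.20.0.12 23
1734690031 198.51.100.9 10.20.0.12 23
1734690032 198.51.100.9 10.20.0.12 23
1734690033 198.51.100.9 10.20.0.12 23
1734690034 198.51.100.9 10.20.0.12 23
"""

def find_suspects(log_text, min_ports=3, min_attempts=5):
    """Flag sources outside the IoT segment that sweep or hammer watched ports."""
    ports_by_src = defaultdict(set)  # src -> distinct watched ports touched
    attempts = defaultdict(int)      # (src, dst, port) -> connection count
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _ts, src, dst, dport = fields  # timestamp unused; a real rule would window on it
        src, dst, dport = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
        if src in IOT_SEGMENT or dst not in IOT_SEGMENT or dport not in WATCHED_PORTS:
            continue  # keep only traffic entering the IoT segment on a watched port
        ports_by_src[src].add(dport)
        attempts[(src, dst, dport)] += 1
    findings = []
    for src, ports in ports_by_src.items():
        if len(ports) >= min_ports:  # many watched ports from one source: likely scan
            findings.append(("port-sweep", str(src), ",".join(map(str, sorted(ports)))))
    for (src, dst, port), n in attempts.items():
        if n >= min_attempts:  # repeated connections to one service: possible password guessing
            findings.append(("repeated-attempts", str(src), f"{dst}:{port} x{n}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*find_suspects(SAMPLE_LOG), sep="\n")
```

Traffic from inside the camera segment (such as a recorder pulling RTSP on 554) and connections to ports outside the watched set are ignored, which keeps the output to sources worth a closer look.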
The Bigger Picture
The rise of HiatusRAT malware is a stark reminder that cybersecurity must evolve alongside the threats. IoT devices bring incredible convenience, but they also come with risks if not properly secured. Whether you’re an individual user or an organization, taking proactive measures now can save you from significant headaches down the road.
Staying informed, vigilant, and prepared is the best defense. Don’t let your IoT devices become an attacker’s playground—secure them today.