Emptiness DDoS Botnet

Summary

Emptiness is a newly observed Golang-based worm based on Mirai.


Threat details

It attempts to enrol Internet-of-Things (IoT) devices into a distributed denial-of-service (DDoS) botnet.

As with most other Mirai variants, Emptiness propagates to vulnerable devices using brute-force attacks or default credentials. Once it has gained access, it will attempt to kill processes or close ports before connecting to a command and control server. It will then await further instructions.
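The propagation pattern described above can be looked for in device login records. The following is an added example, not part of the NHS Digital alert: it flags a successful login that follows a burst of failures, and any source that fails logins against several devices. The log format, device names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "timestamp source device outcome". The format is an
# assumption for this example, not a real device's log format.
SAMPLE_EVENTS = """\
2022-01-10T09:00:01 203.0.113.7 cam-01 FAIL
2022-01-10T09:00:02 203.0.113.7 cam-01 FAIL
2022-01-10T09:00:03 203.0.113.7 cam-01 FAIL
2022-01-10T09:00:04 203.0.113.7 cam-01 FAIL
2022-01-10T09:00:05 203.0.113.7 cam-01 FAIL
2022-01-10T09:00:06 203.0.113.7 cam-01 OK
2022-01-10T09:05:00 10.0.0.5 cam-01 FAIL
2022-01-10T09:05:30 10.0.0.5 cam-01 OK
2022-01-10T09:10:00 10.0.0.23 dvr-02 FAIL
2022-01-10T09:10:01 10.0.0.23 nvr-03 FAIL
2022-01-10T09:10:02 10.0.0.23 cam-04 FAIL
"""


def analyse_logins(text, threshold=5, window=timedelta(minutes=1), spread=3):
    """Return (compromises, sprayers).

    compromises: (source, device, time) where a success follows at least
    `threshold` failures from that source to that device inside `window`.
    sprayers: sources with failed logins against `spread` or more devices,
    the pattern a worm produces while it looks for its next host.
    """
    recent = defaultdict(deque)   # (source, device) -> recent failure times
    targets = defaultdict(set)    # source -> devices it failed against
    compromises = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # ignore malformed lines
        stamp, source, device, outcome = parts
        when = datetime.fromisoformat(stamp)
        failures = recent[(source, device)]
        while failures and when - failures[0] > window:
            failures.popleft()    # expire failures outside the window
        if outcome == "FAIL":
            failures.append(when)
            targets[source].add(device)
        elif outcome == "OK":
            if len(failures) >= threshold:
                compromises.append((source, device, stamp))
            failures.clear()
    sprayers = sorted(s for s, devs in targets.items() if len(devs) >= spread)
    return compromises, sprayers
```

On the constructed sample, the external source that succeeds after five failures is reported as a likely compromise of cam-01, and the internal address failing against three devices is reported as a likely infected host.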


Remediation steps

To protect against DDoS attacks, NHS Digital recommends:

  • The use of a third-party DDoS mitigation tool.
  • A DDoS mitigation plan.

Should an organisation suspect it is subject to an active DDoS attack, NHS Digital recommends that whilst efforts are made to stop the attack and restore service, care should be taken to ensure that the attackers are not using the DDoS attack as a distraction whilst other, potentially more sensitive, systems are exploited. Monitoring of critical systems is recommended, including the use of Host Intrusion Prevention and Detection Systems (HIPS/HIDS) where appropriate.

To avoid devices becoming part of an IoT botnet, NHS Digital recommends organisations should:

  • Review the network security of IoT devices on the estate.
  • Change any IoT device default usernames and passwords.

Last edited: 11 January 2022 9:14 am