Months before Mirai malware was found to be infecting IoT devices, CyberX’s threat intelligence team discovered Radiation. Targeting surveillance cameras commonly used in industrial environments, the Radiation malware is much more sophisticated than Mirai because it exploits a zero-day vulnerability in IIoT devices rather than open ports and default credentials that can easily be addressed. We’ve since identified 25,000 Internet-accessible devices compromised by Radiation, and found that cybercriminals are now providing DDOS-for-Hire services using this massive botnet army.

With the rise of the Internet of Things (IoT), many devices are being connected to the internet in order to enable smarter and more efficient processes and leverage the analysis of big data. At times, this is also referred to as the Industrial Internet or the Industrial Internet of Things (IIoT). In short, it is a revolution in which the physical world is experiencing increased connectivity, with the purpose of creating better manufacturing, transportation, consumption of energy and more. However, this increased connectivity gives rise to major cyber security challenges, entailing many threats. These threats might take on many forms, one of which is described in this document. To be more exact, the document describes the Radiation campaign. Given the unique characteristics of this campaign, it should not be taken lightly, and can be considered as a milestone in the inevitable rise of cyber security risks posed by the IoT revolution.

Radiation is a DDOS campaign targeting IoT devices. The attackers have put effort into targeting these devices, modifying an existing malware in the process to meet their needs. This is a real world example of how the rise of the Internet of Things (IoT) is shadowed by the rise of new cyber threats to this rapidly evolving ecosystem. Although this realization is something that many cyber security experts have been expressing, the Radiation campaign is a clear example of this, shedding light on how IoT environments can be leveraged by attackers for their own malicious intents.