A large percentage of the bots are located in Taiwan, Brazil and Colombia.

Press Release -- August 29th, 2016
Level 3 Threat Research Labs Releases New Malware Research

BROOMFIELD, Colo., Aug. 29, 2016 /PRNewswire/ -- The Level 3 Threat Research Labs, Level 3 Communications' (LVLT) threat intelligence and research arm, unveiled new research about the botnet size and behavior for the malware commonly referred to as Lizkebab, BASHLITE, Torlus or gafgyt, including botnet size and victim stats.

Experience the interactive Multimedia News Release here: http://www.multivu.com/players/Engli...earch-malware/

Access the comprehensive research here http://blog.level3.com/security/attack-of-things/.

New Research

  • The malware family is responsible for botnets that control approximately one million endpoints.
  • A large percentage of the bots are located in Taiwan, Brazil and Colombia, pointing to the uptick in malicious activity in the region noted by the Threat Research Labs in February 2016.
  • Almost 96 percent of the infected devices were Internet of Things (IoT) items of which 95 percent were cameras and DVRs, roughly 4 percent were home routers and less than 1 percent were compromised Linux servers.
  • The team observed a second behavior of some of the bots. These bots don't scan for open ports; they wait until they are instructed by the command-and-control (C2) servers before taking any action.
  • 75 percent of attacks are shorter than 5 minutes.
  • Some C2s exceeded 100 attacks a day; median active time for a C2 is around 13 days and often not contiguous.

Advice to IoT Users:

  • Buyer Beware: A lot of IoT products provided by well-known companies have detailed IoT security instructions. Buy from a trusted source or research and read consumer feedback. Ensure it is encrypted.
  • Passwords: Change the factory setting password to a "pass phrase." Pick a strong password and use a different one for every IoT device.
  • Updates: Update devices to take advantage of the latest security patches.