A fun project I worked on in my early career was tracking DDoS attacks. A lot of DDoS attacks come from infected IoT devices. But most IoT devices use ramdisks, meaning any modifications to the main filesystem get erased upon reboot, removing the malware along with it. 1/?
Comments
You can find an army of them in every airport, every business in Las Vegas, hotel clusters by airports, warehouse districts in small cities.
Consumer routers varied on how savvy the homeowner or SOHO was but you could scoop up NVRs everywhere. & they almost never get reset.
Reading on would lull me to sleep and I am busy mucking off at work and foraging for food.
I went for my PenTest and I was pissed. I didn’t pass (Jason Dion didn’t do a good job lol)
I know it's coming, but you don't. And I get to giggle the whole time.
I tried so hard getting anyone to take it seriously. I wanted to have the devices mass-patched, but could never get authorization for such an unprecedented operation
Things are so much worse now
https://www.orangecyberdefense.com/fileadmin/global/CyberIntelligenceBureau/Gangs_Investigations/DARKSTORMTEAM/DarkStormTeam-EN.pdf
"If my clients could read they'd be very upset at my pricing" 😂
I'm not up to date, but would something like that possibly leave temporary ghost files you could find even after power off?
2) There are techniques to amplify attacks. So the compromised devices may not even represent the bulk of the resources being deployed in the assault.
However, many of them do communicate with remote servers (via NAT) and with the Bluetooth devices, so I have to assume it is still possible for some to become infected and I have no way to know.