
Hakai Botnet


This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

Hakai is a distributed denial-of-service (DDoS) botnet based on the Mirai and Gafgyt malware.

Threat details

Like all Mirai-variant malware, Hakai is distributed to vulnerable devices through brute-force attacks or 0-day exploits. It will also use a list of default credentials to gain access.

Hakai is used to perform HTTP, UDP, TCP and STD flood DDoS attacks.


Remediation advice

To avoid devices becoming part of an Internet-of-Things (IoT) botnet, organisations should:

  • Review the network security of IoT devices on the estate.
  • Change any IoT device default usernames and passwords.
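As part of that review, device login logs can be checked for the pattern described under Threat details: one source failing logins under several different usernames in quick succession, sometimes followed by a success. The following is an added example, not part of the original alert; the key=value log format, the field names, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed key=value format (not a real product's log).
SAMPLE_LOG = """\
2020-02-17T12:00:01 device=cam-01 src=203.0.113.7 service=telnet user=root result=FAIL
2020-02-17T12:00:02 device=cam-01 src=203.0.113.7 service=telnet user=admin result=FAIL
2020-02-17T12:00:03 device=cam-01 src=203.0.113.7 service=telnet user=support result=FAIL
2020-02-17T12:00:05 device=cam-01 src=203.0.113.7 service=telnet user=admin result=OK
2020-02-17T12:10:00 device=cam-01 src=198.51.100.20 service=ssh user=admin result=FAIL
2020-02-17T12:10:30 device=cam-01 src=198.51.100.20 service=ssh user=admin result=OK
this line is malformed and is skipped
2020-02-17T12:20:01 device=dvr-02 src=203.0.113.7 service=telnet user=root result=FAIL
2020-02-17T12:20:02 device=dvr-02 src=203.0.113.7 service=telnet user=admin result=FAIL
2020-02-17T12:20:03 device=dvr-02 src=203.0.113.7 service=telnet user=guest result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) device=(?P<device>\S+) src=(?P<src>\S+) "
    r"service=(?P<service>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

def parse(log_text):
    """Yield one event dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            yield ev

def find_credential_guessing(events, min_users=3, window=timedelta(minutes=5)):
    """Flag (src, device) pairs with failed logins for >= min_users distinct
    usernames inside `window`; record the first login that then succeeds."""
    fails, findings = defaultdict(list), {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["device"])
        if ev["result"] == "FAIL":
            fails[key].append((ev["ts"], ev["user"]))
            recent = {u for t, u in fails[key] if ev["ts"] - t <= window}
            if len(recent) >= min_users:
                hit = findings.setdefault(key, {"users": set(), "succeeded_as": None})
                hit["users"] |= recent
        elif key in findings and findings[key]["succeeded_as"] is None:
            # Success after a guessing burst: a listed credential likely worked.
            findings[key]["succeeded_as"] = ev["user"]
    return findings
```

A finding with `succeeded_as` set marks a device whose credentials should be changed first and which should be checked for compromise; the single mistyped login from 198.51.100.20 is not flagged.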

To protect against a distributed denial-of-service (DDoS) attack, organisations should ensure:

  • They have suitable DDoS mitigation tools.
  • They have a DDoS mitigation plan in place.

Should an organisation suspect it is subject to an active DDoS attack, they should ensure that every effort is made to stop the attack and restore service. However, care should be taken to ensure that the attackers are not using the DDoS attack as a distraction whilst other, potentially more sensitive, systems are exploited. Monitoring of critical systems is recommended, including the use of host intrusion prevention and detection systems (HIPS/HIDS) where appropriate.


Last edited: 17 February 2020 12:44 pm