Level 3 Threat Research Labs tracked a family of malware, variously called Lizkebab, BASHLITE, Torlus and Gafgyt, that is capable of causing IoT-based DDoS attacks. Most of the infected IoT devices are digital video recorders (DVRs).
What is BASHLITE?
Bashlite can brute force a vulnerable device and steal its login credentials and distributes itself on other devices. Researchers further explained that the malware source code was leaked back in 2015 (it has a dozen of variants in 2016) that revealed that its prime target is Linux-based IoT devices.
How To Protect Yourself
One of the easiest ways to protect yourself is to change the default admin passwords on your devices. If you have access to the control panel of a CCTV or DVR, change the admin password to something strong.
Researchers have found over 1 million devices manufactured by Dahua Technology being infected with Bashlite malware in Brazil, Colombia and Taiwan.
Global Distribution of gafgyt Bots (Source: Level 3 Threat Research Labs)