Researchers uncover a rapidly spreading botnet malware taking over IoT devices and posing risk of “cyberstorm”.
A massive botnet is forming to create a “cyber-storm that could take down the internet”, according to security researchers.
In a report from IT security company Check Point, it is claimed that an estimated one million organizations have already been infected. The company said that the botnet – variously named ‘IoTroop’ or ‘Reaper’ by those observing its progress – is recruiting IoT devices such as IP wireless cameras to carry out the attack.
The researchers claim that this new botnet is “evolving and recruiting” IoT devices at a far greater pace – and with more potential for widespread damage – than the Mirai botnet of 2016.
“While some technical aspects lead us to suspect a possible connection to Mirai, this is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide,” said the researchers.
“It is too early to guess the intentions of the threat actors behind it, but with previous botnet DDoS attacks essentially taking down the internet, it is vital that organisations make proper preparations.”
First signs of new threat
According to the researchers, the first signs of IoTroop were detected in the last few days of September. An increasing number of attempts were being made by hackers to exploit a combination of vulnerabilities found in various IoT devices.
“With each passing day, the malware was evolving to exploit an increasing number of vulnerabilities in wireless IP camera devices such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others,” write Check Point’s researchers.
“It soon became apparent that the attempted attacks were coming from many different sources and a variety of IoT devices, meaning the attack was being spread by the IoT devices themselves.”
Check Point estimates that over one million organisations have already been affected worldwide, including many in the US and Australia, among other countries, and warns that the number is only increasing.
“Our research suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come,” they warn.
Prediction of doom
Lee Munson, a security researcher at Comparitech.com, told Internet of Business that the internet appears to be at severe risk of compromise and that “the biggest facilitators of that prediction of doom are insecure Internet of Things devices”.
“As information security experts have been warning forever, it seems, a number of internet-connected fridges, kettles and light bulbs, along with the ever-vulnerable batch of routers and cameras, have all been marked for takeover by a new botnet,” he said.
“That this should be devastating if it comes to pass is hardly a surprise, given how many manufacturers of IoT devices care little for security before selling their shiny new products.”
While businesses may have the resources to ensure such devices in the workplace are not contributing to the problem, he added, none of their technical controls will be much good in the face of a marauding army of household gadgets intent on knocking them off the grid with a DDoS attack, “the like of which has not been seen before.”
“Therefore, it is vital that manufacturers do their part in securing the devices of tomorrow before they are allowed to destroy or severely disrupt the internet world they will ultimately be joining,” added Munson.