The Daily Swig Web security digest

New IoT botnet will make Mirai look like child’s play

James Walker | 23 October 2017 at 10:00

Entirely new campaign spreading rapidly worldwide.

A new IoT botnet that’s already thought to have affected more than a million organizations worldwide has the potential to cause more damage than the Mirai attacks of 2016, researchers have warned.

According to cybersecurity firms Check Point and Netlab 360, a brand new botnet – dubbed variously ‘IoT_reaper’ and ‘IoTroop’ – is recruiting IoT devices such as IP wireless cameras to carry out the attack. And given the upward trend of infection, the researchers said October marks the “calm before the storm”.

“Our research began at the end of September after noticing an increase in attempts to penetrate our IoT intrusion protection system,” Check Point researchers said. “Following this suspicious activity, we soon realized we were witnessing the recruitment stages of a vast IoT botnet.”

With each passing day, the researchers said the malware has been evolving to exploit an increasing number of vulnerabilities in wireless IP camera devices such as GoAhead, D-Link, TP-Link, Avtech, Netgear, MikroTik, Linksys, Synology, and others.

“It soon became apparent that the attempted attacks were coming from many different sources and a variety of IoT devices, meaning the attack was being spread by the IoT devices themselves,” the analysts stated.

While Check Point noted that some technical aspects of IoT led the researchers to suspect a possible connection to Mirai, they stressed that this is an “entirely new and far more sophisticated campaign” that is spreading rapidly around the globe.

Specifically, unlike Mirai, which spreads by guessing weak or default passwords, IoTroop infects IoT devices by actively exploiting multiple device vulnerabilities.

“So far, we estimate over a million organizations have already been affected worldwide, including the US, Australia, and everywhere in between, and the number is only increasing,” the researchers said.

“It is too early to guess the intentions of the threat actors behind it, but with previous botnet DDoS attacks essentially taking down the internet, it is vital that organizations make proper preparations and defense mechanisms are put in place before an attack strikes.”