Over a million organisations infected by Botnet that enslaves IoT devices

A new Botnet that can take control over IoT devices like internet routers and remote cameras has succeeded in infecting over a million organisations, says security firm Check Point.

The new Botnet is far more sophisticated than Mirai and has the capability to launch the next cyber-hurricane, Check Point adds.

Research by security firm Check Point has revealed the arrival of a powerful and sophisticated Botnet dubbed ‘IoTroop’ that has already affected over a million organisations worldwide and can easily take control of and enslave millions of IoT devices like internet routers and remote cameras.

Check Point believes that the IoTroop Botnet is ‘evolving and recruiting IoT devices at a far greater pace and with more potential damage than the Mirai botnet of 2016’.

The use of Botnets to exploit security vulnerabilities in IoT devices has been gaining pace all over the world. Last year, the Mirai Botnet, armed with a dictionary of username and password combinations, scanned IP addresses for open ports in IoT devices and subsequently infected them, affecting millions of such devices in the process.

Botnet-led malware attacks on IoT devices have so far affected 49% of healthcare organisations, 82% of manufacturing, 76% of retail and 85% of government-owned or issued IoT tech.

However, the new IoTroop Botnet could cause much greater devastation than any Botnet used in the past. In fact, researchers at Check Point believe that it could usher in the next cyber-hurricane and bring down the Internet.

‘With each passing day the malware was evolving to exploit an increasing number of vulnerabilities in Wireless IP Camera devices such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology, and others.

‘It soon became apparent that the attempted attacks were coming from many different sources and a variety of IoT devices, meaning the attack was being spread by the IoT devices themselves,’ they noted.

‘So far we estimate over a million organizations have already been affected worldwide, including the US, Australia and everywhere in between, and the number is only increasing. Our research suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come,’ they added.

They said that the hackers behind IoTroop are using the infected devices themselves to spread malicious code to other similar devices. This method, known as a propagation attack, can help them quickly create a large network of controlled devices and thereby affect large organisations.

Since Botnet DDoS attacks have been used in the past to take down the Internet, organisations must make proper preparations and put in place defence mechanisms to preempt such attacks.

‘With the sheer amount of IoT devices, supposedly exceeding £20 billion in 2017, it makes perfect sense that malware writers and indeed digital criminals will utilise as many of those devices as possible to help them plunder the internet. Unlike normal criminal activity it’s not governed by boundaries- it makes no difference if the compromised device exists in the UK, USA or Australia, it’s all fair game to them,’ says Mark James, Security Specialist at ESET.

The need to make IoT devices cheaper, more accessible and more user-friendly has forced IoT-device makers to pay less heed to security. ‘It’s not always going to be a tech guru installing; as this technology becomes more widely available, the average user needs to be able to order, receive, (pre)setup and forget as quickly as possible to make it desirable for the untechnical user to embrace.

‘All of these features make the perfect recipe for disaster- one we have seen before, we will see again, and one which, worryingly, we will continue to see until security becomes a minimum standard for any internet connected device,’ he adds.

Copyright Lyonsdown Limited 2021
