A new IoT botnet storm is coming

A new IoT botnet storm is coming (image source: Flickr/ perspec_photo88)

New cyber-storm clouds are gathering. Check Point researchers have discovered that botnets are evolving and recruiting IoT devices at a far greater pace, and with more potential damage, than the Mirai botnet of 2016.

An IoT botnet is a group of Internet-connected smart devices that have been infected by the same malware and are controlled by a threat actor from a remote location. Such botnets have been behind some of the most damaging cyber attacks against organisations worldwide, including hospitals, national transport links, communication companies and political movements.

While some technical aspects suggest a possible connection to Mirai, this is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide. It is too early to guess the intentions of the threat actors behind it, but with previous botnet DDoS attacks essentially taking down the Internet, it is vital that organisations make proper preparations and put defence mechanisms in place before an attack strikes.

Ominous signs were first picked up via Check Point’s Intrusion Prevention System (IPS) in the last few days of September. An increasing number of attempts were being made by hackers to exploit a combination of vulnerabilities found in various IoT devices.

With each passing day, the malware was evolving to exploit an increasing number of vulnerabilities in wireless IP camera devices such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others. It soon became apparent that the attempted attacks were coming from many different sources and a variety of IoT devices, meaning the attack was being spread by the IoT devices themselves.

So far it is estimated that over a million organisations have already been affected worldwide, including the US, Australia and everywhere in between, and the number is only increasing.

Upon further research, it was found that numerous devices were both being targeted and later sending out the infection. These attacks were coming from many different types of devices and many different countries, totalling approximately 60% of the corporate networks which are part of the ThreatCloud global network.

According to the research, we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come.

Edited by Fundisiwe Maseko