A New IoT Botnet Storm Is Coming

Uploaded on 2017-10-31 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Hackers, TECHNOLOGY-Key Areas-Internet of Things

New cyber-storm clouds are gathering. CheckPoint Researchers have discovered of a brand new Botnet evolving and recruiting IoT devices at a far greater pace and with more potential damage than the Mirai botnet of 2016.

IoT Botnets are Internet connected smart devices which have been infected by the same malware and are controlled by a threat actor from a remote location. They have been behind some of the most damaging cyberattacks against organisations worldwide, including hospitals, national transport links, communication companies and political movements.

While some technical aspects lead us to suspect a possible connection to Mirai, this is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide. It is too early to guess the intentions of the threat actors behind it, but with previous Botnet DDoS attacks essentially taking down the Internet, it is vital that organizations make proper preparations and defense mechanisms are put in place before an attack strikes.

Ominous signs were first picked up via CheckPoint’s Intrusion Prevention System (IPS) in the last few days of September. An increasing number of attempts were being made by hackers to exploit a combination of vulnerabilities found in various IoT devices.

With each passing day the malware was evolving to exploit an increasing number of vulnerabilities in Wireless IP Camera devices such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others. It soon became apparent that the attempted attacks were coming from many different sources and a variety of IoT devices, meaning the attack was being spread by the IoT devices themselves.

Over a million organisations have already been affected worldwide, including the US, Australia and everywhere in between, and the number is only increasing.

Research suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come.

Research Background

Creating networks of infected devices is not a quick task for an attacker. In order to establish an effective Botnet, the attacker needs to be able to control a vast number of devices. As sending the malicious code to each device individually would be a large and time consuming task, it is much easier to have each infected device spreading the malicious code to other similar devices themselves. This method of attack is considered a propagation attack, and is essential in quickly creating a large network of controlled devices.

Research began at the end of September ‘17 after noticing an increase in attempts to penetrate IoT IPS protections.

Upon further research, it was found that numerous devices were both being targeted and later sending out the infection. These attacks were coming from many different types of devices and many different countries, totaling approximately 60% of the corporate networks which are part of the ThreatCloud global network.

To conclude, in the last few days around the 18th October a new botnet has been evolving. While some technical aspects lead us to suspect a possible connection to the Mirai botnet, this is an entirely new campaign rapidly spreading throughout the globe. It is too early to assess the intentions of the threat actors behind it, but it is vital to have the proper preparations and defense mechanisms in place before an attack strikes.

IPS Coverage

While this may be an emerging threat of millions of attacks being conducted, the methods of infection are already being prevented by Check Point IPS. The vulnerability listed has been covered, and devices are currently being monitored for new variants.

Checkpoint:

You Might Also Read:

Internet of Insecure Things:

IoT Is A Cyberwar Nightmare:

« Iran Responsible For Cyber Attack On British Parliament
UK Health Service Should Have Prevented WannaCry Attack »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Conscio Technologies

Conscio Technologies

Conscio Technologies is a specialist in IT security awareness. Our solutions allow you to easily manage innovative online IT awareness campaigns.

RoboForm

RoboForm

RoboForm's industry-leading encryption technology securely stores your passwords, with one Master Password serving as your encryption key.

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

DataSunrise

DataSunrise

DataSunrise Data-Centric high-performance security software protects the sensitive data in real-time in cloud or on premises, and helps organizations to stay compliant.

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

Cyber Security Cloud (CSC)

Cyber Security Cloud (CSC)

Cyber Security Cloud provides web application security services worldwide using world's leading cyber threat intelligence and AI technology.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Constella Intelligence

Constella Intelligence

Constella Intelligence provides digital risk protection services to quickly and efficiently disrupt cyber attacks and data breaches before they occur.

Digital Pathways

Digital Pathways

Digital Pathways is an award-winning data security provider that helps businesses protect their digital assets.

HEQA Security

HEQA Security

HEQA Security (formerly QuantLR) offer the world’s most cost-effective, easy-to-integrate, and secure Quantum Key Distribution (QKD) solution

CFTS

CFTS

CFTS 'Computer Facilities Technical Services' is a Ugandan ICT Support Company that specialises in infrastructure and support services including network security.

OpsHelm

OpsHelm

OpsHelm provides a Software-as-a-Service solution to help businesses ensure that all of their cloud environments have their security bases covered.

Moore ClearComm

Moore ClearComm

Moore ClearComm is part of Moore Kingston Smith a leading UK firm of accountants and business advisers. Our services include Data Privacy, Cyber Security, Business Continuity and Information Security.

BreakPoint Labs

BreakPoint Labs

BreakPoint Labs is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations.

IT.ie

IT.ie

IT.ie are a comprehensive provider of Managed IT Services, Cloud Solutions, Cyber Security, and proactive IT support services.