This new botnet could take down the internet - and it's rapidly spreading across the world
New botnet spotted enslaving internet-of-things (IoT) devices, said Check Point.
Up to a million organisations around the world have already been infected by a new computer bot network that has the potential to "take down the internet", researchers warn.
According to cybersecurity company Check Point, a new botnet has been spotted which is enslaving internet-of-things (IoT) devices – mainly internet routers and remote cameras. "The next cyber-hurricane is about to come," the firm claimed in a report this week (19 October).
Research suggested that the new botnet is evolving at a rapid pace, and could soon be weaponised to launch cyberattacks in the same fashion as "Mirai" last year.
Check Point said: "While some technical aspects lead us to suspect a possible connection to Mirai, this is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide."
"It is too early to guess the intentions of the threat actors behind it, but with previous botnet DDoS attacks essentially taking down the internet, it is vital that organisations make proper preparations," the team noted.
When the Mirai botnet hit a year ago, in October 2016, its computing power was exploited to take a slew of US websites offline – including Twitter, Reddit and Netflix – using denial of service attacks.
A few months later, in November, a variant of the Mirai botnet was deployed to take approximately 900,000 Deutsche Telekom routers offline, leaving customers without internet.
Essentially, IoT botnets are made up of web-connected smart devices that are infected with malicious software. With the popularity of the IoT, many products are being rushed to market without proper security – leaving them open to attack.
In the last few days of September, Check Point noticed an "increasing number of attempts" by unknown hackers to exploit several existing vulnerabilities in IoT devices.
It found that malware was being used against wireless IP cameras such as "GoAhead, D-Link, TP-Link, AvTech, Netgear, MikroTik, Linksys, Synology" and others.
The attempted infiltrations were coming from different sources, suggesting a botnet was at work.
"So far we estimate over a million organisations have already been affected worldwide, including the US, Australia and everywhere in between," Check Point warned.
The company's research started at the end of September 2017, and the team said it "soon realised" that it had stumbled upon the "recruitment stages of a vast IoT botnet".
In the last few days, the team said, the botnet has been evolving. "It is vital to have the proper preparations and defence mechanisms in place before an attack strikes," experts said.
In July, a 29-year-old man admitted to launching the Deutsche Telekom hack and was convicted in a German court. A court in Cologne handed the man, known only as Daniel K., a suspended sentence of a year and eight months for "attempted commercial computer sabotage".
The culprits behind the latest wave of botnet activity remain unknown at the time of writing.