A massive botnet is forming to create a cyber storm that could “take down the Internet,” researchers at cyber protection company Check Point Software Technologies Ltd. warned on Thursday.
Check Point said in a blog post that it has discovered a brand-new botnet that is “evolving and recruiting” Internet of Things (IoT) devices at a “far greater pace and with more potential damage than the Mirai botnet of 2016.”
In September of last year, the security news and investigation site KrebsOnSecurity.com reported being the “target of an extremely large and unusual distributed denial-of-service (DDoS) attack designed to knock the site offline.” While the Mirai attack did not succeed, thanks to engineers at Akamai Technologies, it was “nearly double the size of the largest attack they’d seen previously, and was among the biggest assaults the Internet has ever witnessed,” KrebsOnSecurity.com reported on its website.
In the most recent attack, an estimated one million organizations have already been infected, “including the U.S., Australia and everywhere in between and the number is only increasing,” Check Point said in the blog post. The botnet is recruiting IoT devices such as IP wireless cameras to carry out the attack.
IoT botnets are Internet-connected smart devices which have been infected by the same malware and are controlled by a threat actor from a remote location, Check Point explained. They have been behind some of the most damaging cyberattacks against organizations worldwide, including hospitals, national transport links, communication companies and political movements.
While some technical aspects led the researchers to suspect a possible connection to Mirai, “this is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide,” the blog suggested. “It is too early to guess the intentions of the threat actors behind it, but with previous botnet DDoS attacks essentially taking down the Internet, it is vital that organizations make proper preparations and defence mechanisms are put in place before an attack strikes.”
Check Point added that “ominous signs” were first noticed in the last few days of September. With each passing day, the malware is evolving to exploit an increasing number of vulnerabilities in wireless IP camera devices. “It soon became apparent that the attempted attacks were coming from many different sources and a variety of IoT devices, meaning the attack was being spread by the IoT devices themselves,” the blog said. “Our research suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come.”
Robert Hamilton, director of marketing at cybersecurity company Imperva, said in comments provided to Canadian Underwriter that “Mirai was a wake-up call to the IoT device makers to improve their security by making it more difficult to turn their devices into botnet ‘recruits.’ But there remain tens of millions of devices that are still vulnerable to being turned into DDoS zombies, and attackers have figured out how to rapidly expand IoT botnets that can wage large scale attacks. Consumers need to check their IoT device passwords, and organizations need to be prepared with a strong DDoS defence to thwart any possible strike.”
Additional measures to ensure IoT devices do not become unwitting members of a botnet include blocking Internet access to admin ports and disabling universal plug and play (UPnP) on the router or firewall. Also, consider isolating IoT devices on your network using segmentation or firewall policies and only let IoT devices communicate with IP addresses that are approved, Hamilton suggested.
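One way to check that the measures above are actually holding is to audit firewall flow records against them. This is an added example, not from the article, Check Point or Imperva; the network ranges, admin port set, approved-destination list and sample flows are all constructed assumptions.

```python
import ipaddress

# All addresses, ports and the allowlist below are constructed for illustration.
LAN = ipaddress.ip_network("192.168.0.0/16")        # whole internal network
IOT_NET = ipaddress.ip_network("192.168.50.0/24")   # isolated IoT segment
APPROVED = {ipaddress.ip_address("203.0.113.10")}   # approved destinations
ADMIN_PORTS = {22, 23, 80, 443, 8080}               # device admin interfaces
SSDP_PORT = 1900                                    # UPnP discovery over UDP

def audit_flow(flow):
    """Return policy violations for one flow record (src, dst, proto, dport)."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    findings = []
    if dst in IOT_NET:
        if src not in LAN and flow["dport"] in ADMIN_PORTS:
            findings.append("admin-port-exposed-to-internet")
        elif src in LAN and src not in IOT_NET:
            findings.append("cross-segment-access")
    if src in IOT_NET:
        if flow["proto"] == "udp" and flow["dport"] == SSDP_PORT:
            findings.append("upnp-discovery")
        elif dst not in IOT_NET and dst not in APPROVED:
            findings.append("unapproved-destination")
    return findings

def audit(flows):
    """Map the index of each violating flow to its findings."""
    report = {}
    for i, flow in enumerate(flows):
        findings = audit_flow(flow)
        if findings:
            report[i] = findings
    return report

# Constructed sample flow records.
SAMPLE_FLOWS = [
    {"src": "192.168.50.21", "dst": "203.0.113.10", "proto": "tcp", "dport": 443},
    {"src": "198.51.100.7", "dst": "192.168.50.21", "proto": "tcp", "dport": 23},
    {"src": "192.168.50.21", "dst": "198.51.100.99", "proto": "tcp", "dport": 80},
    {"src": "192.168.50.22", "dst": "239.255.255.250", "proto": "udp", "dport": 1900},
    {"src": "192.168.1.15", "dst": "192.168.50.21", "proto": "tcp", "dport": 80},
]

if __name__ == "__main__":
    for idx, findings in audit(SAMPLE_FLOWS).items():
        print(SAMPLE_FLOWS[idx], "->", ", ".join(findings))
```

Any finding means a rule is missing or too loose: an exposed admin port, UPnP still in use, a device talking outside the approved list, or a gap in segmentation.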