Meet IOTroop — The botnet that may be more destructive than Mirai

I have reported in the past on the Mirai botnet and the destruction it has left in its wake (as have other TechGenix authors). As with any major attack method used by cybercriminals, newer and more powerful methods will always follow. If current research proves true, Mirai will soon be eclipsed by a far more powerful botnet that is already out in the wild. Dubbed IOTroop by researchers at the security firm Check Point, the IoT botnet was first detected by Check Point’s Intrusion Prevention System in September, when they noticed hackers attempting to exploit various vulnerabilities in numerous IoT devices. Once on the radar of Check Point’s research team, the malware and botnet were found to be expanding their range of targets at an alarming rate.

As a Check Point blog post about IOTroop states:

With each passing day the malware was evolving to exploit an increasing number of vulnerabilities in Wireless IP Camera devices such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others. It soon became apparent that the attempted attacks were coming from many different sources and a variety of IoT devices, meaning the attack was being spread by the IoT devices themselves.

Initially, these attacks were believed to be merely an extension of Mirai, since similar code was found in IOTroop. What led researchers to change their minds and recognize this as a new botnet was its attack scope. In an interview with Kaspersky Lab’s Threatpost, Maya Horowitz, group manager of threat intelligence at Check Point, stated:

The most interesting difference between this malware and Mirai is that it is far more sophisticated. Attackers are not just exploiting default credentials to compromise devices, but also using a dozen or more vulnerabilities to get on these devices.

At the time of this article’s writing, around 1 million organizations globally have been affected by IOTroop, located in the U.S., Australia, and many other countries. The threat actors operating this botnet have yet to be identified, but researchers warn that a massive security incident (namely a DDoS attack on the IoT) is likely coming soon via IOTroop.

I will continue to monitor this botnet and keep you in the loop about any further issues.

Photo credit: Flickr / Christoph Scholz