A few weeks ago, security researchers sounded alarm bells over a new botnet that’s growing beyond anything previously seen. If this sounds like the beginning of a Marvel film, well, that’s just where we are at these days, I guess. Botnets are legions of internet-connected devices that have been exploited by cybercriminals to do their bidding. As Slate reports:
It’s hard to know at this point what form that harm will take. Like Mirai, IOTroop could be used to launch a massive denial-of-service attack. Or, it could be used to distribute ransomware, or to send spam or phishing messages, or merely rented out at an exorbitant hourly rate to anyone who wants to do any of those things.
The problem is that botnets are an inherent risk baked into the entire structure of the internet. There are only two ways to address botnets. First, if the owners and operators of these internet-connected devices kept all of their hardware patched and up to date, these botnets would be contained. Exploits always precede patches, but if patches and updates are timely enough, they minimize the amount of exploitable hardware. That’s not going to happen on a large enough scale, since billions of devices are connected to the internet and the incentive to keep all of this hardware up to date is just a click above nonexistent. The second option is for ISPs to detect compromised hardware and deny it access to the internet. Beyond the legal implications, taking all of this hardware offline intentionally runs the risk of creating a problem that’s even bigger than whatever the botnet might eventually cause; it’s a kamikaze solution.
Man-made natural disasters are increasing in scale
Earlier this year, when we reported on the Equifax breach, we noted that these types of events are due to grow, which is really one of the easiest predictions to make. Our lives and businesses depend on technology more and more, and this reliance on technology comes with drawbacks. Botnets are among the most serious of those drawbacks because of what they enable, such as distributed denial of service attacks, or DDoS for short. If a DDoS attack is large enough, it can effectively take down the internet of entire countries, and even the world.
We just marked the first anniversary of the largest DDoS attack in history a few weeks ago. On Oct 16th 2016, The Guardian reported on the Mirai botnet:
The cyber-attack that brought down much of America’s internet last week was caused by a new weapon called the Mirai botnet and was likely the largest of its kind in history, experts said.
The victim was the servers of Dyn, a company that controls much of the internet’s domain name system (DNS) infrastructure. It was hit on 21 October and remained under sustained assault for most of the day, bringing down sites including Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US.
What can you do?
IOTroop, also referred to as Reaper, is growing faster and is much more sophisticated than Mirai. KrebsOnSecurity.com published a detailed analysis if you’d like to dig deeper, but here’s a highlight:
Check to make sure your network isn’t part of the problem: Netlab’s advisory links to specific patches available by vendor, as well as indicators of compromise and the location of various Reaper control networks. CheckPoint’s post breaks down affected devices by version number but doesn’t appear to include links to security advisories or patches.
Businesses need to respond quickly, and for those of us at home, it’s worth checking whether your router is on the list of affected devices. If you aren’t sure whether your business is affected, feel free to reach out and we can provide a network assessment that will detail your business’s vulnerabilities and much more.