
2 Million IoT Devices Enslaved By Fast-Growing BotNet (bleepingcomputer.com) 69

An anonymous reader writes: Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper, researchers estimate its current size at nearly two million infected devices. According to researchers, the botnet is mainly made up of IP-based security cameras, routers, network-attached storage (NAS) devices, network video recorders (NVRs), and digital video recorders (DVRs), primarily from vendors such as Netgear, D-Link, Linksys, GoAhead, JAWS, Vacron, AVTECH, MikroTik, TP-Link, and Synology.

The botnet reuses some Mirai source code, but it's unique in its own right. Unlike Mirai, which relied on scanning for devices with weak or default passwords, this botnet was put together using exploits for unpatched vulnerabilities. The botnet's author is still struggling to control his botnet, as researchers spotted over two million infected devices sitting in the botnet's C&C servers' queue, waiting to be processed. As of now, the botnet has not been used in live DDoS attacks, but the capability is in there.

Today is the one-year anniversary of the Dyn DDoS attack, the article points out, adding that "This week both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online."
  • Botnet mining (Score:4, Interesting)

    by BeerCat ( 685972 ) on Saturday October 21, 2017 @02:46PM (#55410475) Homepage

    Using botnets to do DDoS attacks is so passé. It may be satisfying for the perpetrators (Ha ha! Site [my enemy] is down!), but no different from the 1980s "my virus will delete all your files"

    With most IoT devices having more processing power than they actually need, I wonder how many have been hijacked to become cryptocurrency mining operations, which will quietly run away, building up, with no-one really keeping an eye on them

    • How long until manufacturers build in cryptocurrency mining into their stock firmware to use that extra processing power, phoning home periodically to 'receive updates'?
      • That's probably the only way the makers of this insecure junk could be assed to up the security, when hackers redirect their mined coins.

        • That's probably the only way the makers of this insecure junk could be assed to up the security, when hackers redirect their mined coins.

          Quoted to highlight the benefits of Enlightened Self-Interest.

    • by EvilSS ( 557649 )

      Using botnets to do DDoS attacks is so passé. It may be satisfying for the perpetrators (Ha ha! Site [my enemy] is down!), but no different from the 1980s "my virus will delete all your files"

      With most IoT devices having more processing power than they actually need, I wonder how many have been hijacked to become cryptocurrency mining operations, which will quietly run away, building up, with no-one really keeping an eye on them

      These devices are being used as part of a DDOS as a service scheme. The botnet owners act as the wholesaler, and people set up sites to sell time and bandwidth from the botnet provider to individuals. It's a huge problem in the gaming community due to cheap ass gaming companies using P2P matchmaking in multiplayer (vs using dedicated servers). Players will pay a few bucks and knock off their opponents in matches, or target streamers on Twitch, Beam, YouTube Gaming, etc.

  • Few things have irritated me as much as the mere concept of IoT. The sooner it dies the less spyware we will have.
    • Agreed. I cared enough to do something about it. Created a LAN of things - no internet presence at all, for myself. I only need automation for my place, not some data-monetizer (or worse, rent seeker or just go out of business) inserted into my stream. And then there's security.
      .
      But first, imagine a world where one of these jerks comes along with "and now you'll pay rent or I'll stop making your home work".
      Abandonware is bad enough as is.
      Signed code won't mean diddly here. If there's a way to make
    • Why exactly would it die?

      Manufacturers can sell it and are not legally responsible for their crapware.
      People are dumb and buy it, not understanding what's going on.
      Damage is done to someone who cannot influence buying/selling of those things.

      So what reason would you see for this to cease?

  • That's wonderful, but on a more important topic, has Microsoft gotten around to fixing their bootloader for Windows 10 IoT, such that we can (God please) finally boot off of a USB hard drive (read: SSD) on something like the Raspberry Pi 3 (which just needs a quick config change to make happen, and is already supported by many linux distros), or are we still going to be stuck with read speeds that an ATA-100 hard drive (not even ATA-133...) could beat?

  • These IoT thingies have more power than the PC I had 15 years ago. And many of them do hardly anything with it. That is just... strange.

    • Not strange at all, the chips are just cheaper.

      I kid you not. You can currently get chips with more features and faster processing speed cheaper than "older" chips with less. Mostly because the price of chips is mostly fixed costs and it costs about the same to make either of them, so making the more powerful one that outdoes or at least is on par with the competition's chip makes sense, else people will buy theirs and not ours.

    • Not really.

    • by tlhIngan ( 30335 )

      These IoT thingies have more power than the PC I had 15 years ago. And many of them do hardly anything with it. That is just... strange.

      You can thank smartphones for that, which have driven down the cost of embedded processors significantly.

      When I started, a 200MHz StrongARM processor was considered high end, and 400MHz processors were on the way. If you're lucky, they had 32MB of RAM. At the time, the average desktop was 500-800MHz with 128-512MB of RAM. You wouldn't dare run desktop applications on the em

  • Anyone who enables an insecure IoT device, and that device is found to be part of a botnet should have to pay a fine.
    • by Anonymous Coward

      Sheesh, what an elitist fuckwit.

      So come on then brains, tell all of us ignorant consumers how we're supposed to check with 100% certainty that a network enabled device is secure?
      And what do you define as a 'device'?
      Does that go as far as regular desktop/laptop computers? If not, why do they get a special exemption from being allowed to be part of a botnet?

  • The Cloud is My Master.

    So does this mean I need a firewall in front of my cable modem?

  • by gravewax ( 4772409 ) on Saturday October 21, 2017 @04:14PM (#55410755)
    I noticed the summary conveniently left off the very last item in the list of the article of affected devices "and Linux servers".
    • by HiThere ( 15173 )

      The "and Linux servers" referred to devices being attacked, not to ones that were part of the bot-net.

      I'm going to give you credit for good intentions, at the cost of considering that you lack reading comprehension.

  • This explains why my thermostat is now mining Bitcoin.

    • Lucky you. Mine just went to 100F and demands 2 Bitcoins to set it back to normal levels.

      • That's nothing. Mine's been posting fake news stories to Facebook since last year.
        • by fisted ( 2295862 )

          T_SET 68F T_MEAS 67.5F ALL SYSTEMS NOMINAL PLEASE MOVE ALONG NOTHING TO SEE HERE FELLOW HUMANS

          o o o o o o o o o o o o o o o o o o o o o o o o o o o

  • Insecurely Designed Internet Of Things
