Brand new IoT Botnet Successfully DDoSes Russian Bank

Internet of Things devices will always remain one of the primary targets for cyber criminals. A new botnet is starting to gain traction as we speak. As one would expect, this new botnet will seek out unsecured IoT devices – mainly webcams and IP cameras – which are then used for nefarious purposes. So far, the net botnet has successfully breached a few hundred devices already, although there are many more vulnerable devices to be found.

Yet Another IoT Botnet Surfaces

It is evident something will need to change sooner rather than later when it comes to Internet of Things devices. Far too many consumer products remain vulnerable to interference from hackers and other online criminals as of right now. This allows rogue players to create new botnets, all of which will successfully target these devices and take them over. That is not a positive development by any means, as IoT manufacturers effectively give criminals all of the necessary tools to carry out nefarious attacks.

A new botnet has been spotted on April 16th, yet details have only been made public earlier today. It appears the person behind this new threat scanned for vulnerable IOT devices on port 81. When this unusual amount of port 81 traffic was first discovered, security researchers were a bit unsure as to what they should expect. It quickly became apparent someone was deliberately conducting online scans for vulnerable devices, though.

No one will be surprised to learn the person behind this botnet is targeting two specific types of internet-connected devices. Both webcams and IP cameras are of great interest to criminals who operate botnets. After all, there are hundreds of thousands of these devices connected to the internet at nay given time, most of which contain significant security weaknesses waiting to be exploited. A recent scan showed nearly 200,000 webcams can be accessed without too many problems.

Once security researchers got their hands on a sample of this botnet, they immediately though it was a new variant of Mirai. However, that is not the case, as it is something new altogether. That is even more troublesome, to say the least. This new malware scans for GoAhead, which is a web server found in most IoT devices these days. Once a vulnerable target is identified, the criminal will leverage one of the well-documented exploits to take over control of said device.

On April 23rd, this new botnet successfully launched its first DDoS attack, which was directed at a Russian bank. That is quite interesting, considering the command-and-control server is hosted on Iranian internet domains. This further validated the concerns this was not a new variant of Mirai by any means. The new botnet attacks on different UDP ports, and it has a completely different attack module. It appears just over 43,200 devices are part of this botnet so far, although that number is expected to increase over the coming weeks.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.