Cyber storm expected

Peter Tischer | Davina Spohn

Experts warn of new botnet

Security service providers are warning of a new powerful botnet based on the code of the well-known malware 'Mirai'. Hundreds of thousands of devices are said to have already been infected.


Several security service providers are warning of a new powerful botnet with hundreds of thousands of infected devices around the world. As the Israeli company Check Point, which specializes in IT security, reports on its website, one million organizations worldwide have already been infected by the new botnet. According to the report, the malicious code is primarily targeting IP cameras, routers and NAS systems. The affected IoT devices include models from well-known brands such as D-Link, TP-Link, Avtech, Netgear, Linksys and Synology. The new botnet, named 'IoTroop' or 'IoT_Reaper', is also said to have borrowed code snippets from 'Mirai', but it infects devices in a different way.

While Mirai searched the network for devices without firewall protection and with unchanged default passwords, the successor is said to exploit existing security vulnerabilities for its attacks. The programming language used is once again 'Lua', which is popular for such malware. It enables complex and effective scripts for DDoS attacks, for example. Furthermore, according to the security experts at Chinese service provider Qihoo 360 Netlab, the new malware does not attract attention through aggressive port scanning and is therefore difficult to detect.

Both security service providers emphasize that no attacks via the new botnet have yet become known. However, this is probably nothing more than the famous 'calm before the cyber storm', as Check Point puts it. The Israelis believe that the new malicious code has a much greater potential for damage than Mirai.


900,000 routers affected

At the end of last year, the Linux malware Mirai was responsible for several high-profile cyberattacks. In October, a massive DDoS attack on the US company Dyn caused major internet services such as Twitter, Paypal, Netflix and Spotify to go down. Around a month later, the botnet caused around 900,000 telecom routers to go down. Apparently, Mirai had tried to make the routers part of the botnet, but the routers crashed during the attempt to install the malware on them. According to many experts, this was a stroke of luck, as it prevented major damage.

According to a study published this summer by security specialist Avast, such attacks are likely to continue in the future: In Germany alone, Avast has checked more than 820,000 networks. Of the almost three million IoT devices registered in these networks, over 175,500 devices are insecure. In addition, almost 140,000 routers (almost 17%), more than 8,000 printers (5%) and over 1,000 webcams (13%) have vulnerabilities. The security experts at Avast warn that just one unprotected device is enough for cyber criminals to gain access to it, infect it and turn it into a huge botnet.
