SECURITY OUTFIT Check Point has caught wind of a new IoT botnet that's "more sophisticated than Mirai" and has already affected at least one million organisations worldwide.
Check Point first unearthed the botnet, codenamed 'IoT_reaper', at the beginning of September and claims that, since, it's already enslaved millions of IoT devices including routers and IP cameras from firms including GoAhead, D-Link, TP-Link, Avtech, Netgear, MikroTik, Linksys and Synology.
The latest campaign shares similar technical aspects to Mirai but is said to be more dangerous as it is able to "evolve" in order to exploit vulnerabilities in devices connected to the internet, which it then uses to spread the malware to other devices.
The security firm warns that the botnet is "rapidly spreading worldwide" and could soon be weaponised the launch cyber attacks in the same fashion of Mirai last year.
Check Point said: "While some technical aspects lead us to suspect a possible connection to Mirai, this is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide."
"It is too early to guess the intentions of the threat actors behind it, but with previous botnet DDoS attacks essentially taking down the internet, it is vital that organisations make proper preparations," the team noted.
Check Point says that, so far, it estimates that "over a million organisations have already been affected worldwide, including the US, Australia and everywhere in between.
It expects this number to keep growing, noting that "our research suggests that we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come."
"It is vital to have the proper preparations and defence mechanisms in place before an attack strikes," Check Point warns.
This isn't the first Mirai-like threat that's been uncovered. Earlier this year, a new threat called 'BrickerBot' was revealed, which - as its name suggests - threatened to permanently brick IoT devices, rather than harnessing them to a distributed denial of service (DDoS) network. µ
Give noisy sites the (Basil) brush off
Watchdog rules it prevented rivals from competing in online search
EU have a choice, EU know
Though not as wallet-busting as the Galaxy S10