The IoT world was recently rocked by the arrival of Satori, a new IoT botnet which spread to 280,000 IPs within 12 hours and has been dubbed a variant of the Mirai botnet.
Unlike other Mirai variants, the Satori botnet features two embedded exploits that connect to ports 37215 and 52869 to infect more devices.
According to security researcher Li Fengpei, who first identified the Satori botnet, the security firm he works for observed more than 280,000 different IPs scanning ports 37215 and 52869 within a space of twelve hours.
This means that the Satori botnet could easily infect hundreds of thousands of IoT devices within a matter of hours, and considering how exploit-friendly and vulnerable modern IoT devices are, the botnet could infect enough devices in the coming days to cripple the Internet.
Li added that the Satori botnet has the ability to behave like an IoT worm and can propagate itself quickly by attacking ports used by millions of IoT devices.
News about the arrival of the Satori botnet comes only a day after Europol, in conjunction with several U.S. federal agencies, was able to take down the Andromeda botnet that had spread to millions of IoT devices.
The destruction of the botnet involved cooperation between the FBI, the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force (J-CAT), Eurojust and several private-sector partners.
The surfacing of new IoT botnets even as agencies are struggling to contain existing ones suggests that IoT device manufacturers aren’t doing enough to ensure that their devices will stay immune from attacks initiated via IoT botnets.
‘As the number of devices connected to the internet continues to rapidly expand, so do the mass of vulnerabilities associated with the IoT. The sheer volume and complexity of these devices has opened a large window for targeted attacks, compromising the security and safety of household items, such as home routers,’ says Rodney Joffe, SVP and Fellow at Neustar.
He adds that while people are filling their homes with a flurry of new Internet-connected devices to make their lives more convenient, it is up to IoT device manufacturers to ensure that their devices have optimum security so that consumers aren’t impacted because of security flaws.
‘With every element of the IoT being connected, the knock-on effect of one device being hit by some form of cyber-attack has the power to, almost instantly, cripple millions of others.
‘In order to work towards stamping-out the huge threat to the IoT landscape, more cohesive security strategies need to be considered, with consumers being made aware of the wider ecosystem they’re signing up to, the potential risks associated with this, and how best to isolate them,’ he adds.
Hervé Dhelin, SVP Strategy at EfficientIP, also said that basic cyber security solutions in modern IoT devices are not enough to withstand large-scale attacks like the Mirai and Andromeda malware. Businesses today need more advanced protection, he said.