Lull before the storm: The cyberassault might turn off the internet

Author : Nicolai Eriksen

Source : 112 Ukraine

Israeli security company Check Point: Our surveys show that we are currently experiencing the lull before an even more powerful storm. The next cyber hurricane is on its way
09:46, 25 October 2017

Read the original text at Dagbladet.

Hospitals, banks and public transport, international companies like Twitter, Spotify, Netflix, Amazon, and PayPal… Those were just some of the organizations hit by a huge cyber attack through the Mirai botnet last autumn. Now the Israeli security company Check Point announces that a new and far worse "cyberstorm, which can kill the Internet" is on its way.

"Our surveys show that we are currently experiencing the lull before an even more powerful storm. The next cyber hurricane is on its way," the company warns.

Last year, several major sites and services around the world went down when three major so-called DDoS attacks (denial-of-service attacks) hit Dyn, a big web server in the United States. The attack overwhelmed the system that Dyn provides to some of the world's largest online players.

The consequences were huge: hundreds of millions of people tried to reach websites but failed. Among Norwegian websites, the government's website was hit by the attack.

The DDoS attacks came from tens of millions of IP addresses at the same time, through the use of a so-called botnet, a network of web-connected devices that are infected with viruses. These attacks were well planned.

Internet of things

According to security company Check Point, unknown hackers are now building a new, giant, and far more dangerous botnet by "hijacking" everyday electronics like cameras and routers. As many as one million organizations are said to have already been infected by the network, which can therefore be used to take down large parts of the internet.

"Internet of things" (IoT) – this is everything from light bulbs, door locks and cameras to refrigerators and coffee makers, which you can often control from apps or monitor from the cabin through the network. If you see the word "smart" in front of something you own, you probably have an IoT device.

A large proportion of these "things" have some enormous weaknesses: The products are often delivered with a default username and password, while the software is rarely updated. Thus, they can be extremely vulnerable to hacker attacks.

The purpose is unknown

IoT products are the target of the new botnet too. Check Point says it is reminiscent of Mirai, which caused major damage last year. But the company emphasizes that the new network, which is rapidly spreading across the globe, is far more sophisticated and potentially much more dangerous than Mirai.

"It is too early to guess what the hackers' intentions are, but considering that previously-botched DDoS attacks have taken down parts of the internet, it's important that organizations make proper preparations and organize defense mechanisms before an attack occurs," Check Point writes.

The security company saw the first disturbing signs in late September, when it discovered that an army of IoT devices was being "served" to spread the virus to other devices. As a result, the infection spreads faster and has already reached devices worldwide.

According to Wired's website, the virus has so far affected routers from D-Link, Netgear and Linksys, as well as internet-connected surveillance cameras from companies such as Vacron, GoAhead and AVTech. You will find a list of all the infected IoT products that Check Point has discovered here.

The botnet, named "Reaper," has so far not shown any DDoS activity, but the Chinese security company Qihoo 360 writes that the virus can change tactics at any time and use the hijacked devices as a "weapon."
