Researchers discover IoT botnet capable of launching various DDoS attacks

Cybersecurity researchers from Bitdefender have found a new botnet made up of more than a thousand IoT devices and capable of launching distributed denial-of-service (DDoS) attacks.

According to a Bleeping Computer report, researchers have named the botnet Dark Nexus, and believe it was created by well-known malware developer greek.Helios - a group that has been selling DDoS services and botnet code for at least the past three years.

Analysing the botnet through a honeypot, the researchers found it is made up of 1,372 bots, but believe it could grow extremely quickly.

Dark Nexus is based on Mirai and Qbot, but has seen some 40 iterations since December 2020, with improvements and new features added almost daily.

"In terms of devices that seem compromised by the dark_nexus, the list is pretty extensive, ranging from various router models, such as Dasan Zhone, Dlink, and ASUS, to video recorders and thermal cameras," said the researchers.

One of the stand-out features of the malware infecting the devices is a scoring system, which analyses the target device and assesses how risky it would be to run a process on it. If it deems the device too risky, it engages a kill switch which terminates the process.

Botnets are networks of infected IoT devices - such as printers, cameras, smart devices and routers - used by hackers to launch DDoS attacks, harnessing the collective processing power and bandwidth.