A research botnet was created to detect and compromise unprotected embedded control devices. These embedded control devices can be found in industrial control systems, medical devices, home appliances, and similar. A botnet is created when multiple devices are attacked, compromised (aka ‘owned’), and subsequently controlled by the attacker. The botnet was named Carna Botnet after the Roman goddess of the protection of vital organs and health.
- Unprotected embedded devices (tiny computers that typically control things) detected at rate of 1 every 5 minutes
- Discovered millions of unprotected devices, eg no or trivial username & password.
- Carna Botnet now 1.2 million compromised devices
- Of that 1.2 million, 420,000 have sufficient functionality & resources to continue to propagate the botnet
As the world continues to control more and more with networked embedded devices, ie the Internet of Things, we can expect a global rapidly growing platform for malicious behavior that we will need to attend to.