A new botnet, boasting an army of 500,000 remotely-controlled routers in 54 countries, has been discovered. VPNFilter allows attackers to steal credentials, monitor Modbus SCADA protocols and has a destructive capability that can render an infected device unusable. It can be triggered on a single device or as part of a mass attack.
In August 2016 the Mirai Botnet was unleashed, using millions of poorly secured IoT devices to launch a number of DDoS attacks that resulted in relatively minor impact by taking down the website of security analyst Brian Krebs through to clobbering the Dyn network which, in turn, resulted in some of the world's biggest websites dropping off the Internet. The creators of the Mirai software have been charged and have pleaded guilty in a US court.
Last September, a bunch of major websites were rendered 404 when the Mirai botnet surfaced. By attacking hundreds of thousands of unsecured IoT devices Mirai was able to attack DNS provider Dyn resulting in hundreds of online services dropping like flies. Persirai borrows some code from Mirai but "improves" upon it.
DDoS attacks aren't a new thing. But an new type of service denial attack is appearing. Permanent Denial of Service (PDoS) attacks infiltrate unsecured devices and corrupt them so that they are made useless. While an epic pain in the butt for the owners of attacked devices, PDoS removes devices from the Internet that could be used in botnet attacks like last year's Mirai incident.
