On January 30, 2018 a new mass exploitation tool called “Autosploit” was released on Github, a Git repository hosting service. Autosploit leverages Python code to automatically search for vulnerable devices connected to the Internet and then uses Metasploit’s collection of exploits to take over computers and IoT devices. It automatically trolls the Internet for vulnerable devices which can be leveraged for DDoS attacks. Autosploit is not new code, per se, because it is a combination of the previously existing Shodan and Metasploit modules, which have been used for penetration testing. However, this “marriage” of code makes it easier than ever for hackers to recruit new devices to their own botnet that could be used to mine cryptocurrencies, hack Internet applications or launchdistributed denial of service (DDoS) attacks.
Autosploit enables both skilled cybercriminals and amateurs who lack technical expertise (also known as “script kiddies”) to form massive DDoS botnets, thus expanding the pool of potential hackers. As a result, many security experts predict an increase in the number of DDoS attacks and other cyber incidents.