On Friday, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point said that a massive botnet is forming that could create a cyber-storm capable of taking down the internet, and that, at this point, millions of organizations have already been infected.
The new IoT botnet, Reaper, builds on portions of Mirai’s code, but with a key difference: instead of merely guessing the passwords of the devices it infects, it uses known security flaws in the code of those insecure machines, hacking in with an array of compromise tools and then spreading itself further. And while Reaper hasn’t been used for the kind of distributed denial of service attacks that Mirai and its successors have launched, that improved arsenal of features could potentially allow it to become even larger—and more dangerous—than Mirai ever was.
IoT botnets are networks of internet-connected smart devices that have been infected by the same malware and are controlled by a threat actor from a remote location. They have been behind some of the most damaging cyberattacks against organizations worldwide, including hospitals, national transport links, communication companies and political movements.
“The main differentiator here is that while Mirai was only exploiting devices with default credentials, this new botnet is exploiting numerous vulnerabilities in different IoT devices. The potential here is even bigger than what Mirai had,” says Maya Horowitz, the manager of Check Point’s research team. “With this version it’s much easier to recruit into this army of devices.”
The Reaper malware has pulled together a grab-bag of IoT hacking techniques that include nine attacks affecting routers from D-Link, Netgear, and Linksys, as well as internet-connected surveillance cameras, including those sold by companies like Vacron, GoAhead, and AVTech. While many of those devices have patches available, most consumers aren’t in the habit of patching their home network router, not to mention their surveillance camera systems.
Check Point has found that fully 60 percent of the networks it tracks have been infected with the Reaper malware. And while Qihoo 360’s researchers write that some 10,000 devices in the botnet communicate daily with the command-and-control server the hackers control, they’ve found that millions of devices are “queued” in the hackers’ code, waiting for a piece of automatic “loader” software to add them to the botnet.
Check Point’s Horowitz suggests anyone who fears that their device might be compromised should check the company’s list of affected gadgets. An analysis of the IP traffic from those devices should reveal if they’re communicating with the command-and-control server helmed by the unknown hacker that’s administering the botnet, Horowitz says. But most consumers don’t have the means to do that network analysis. She suggests that if your device is on Check Point’s list, you should update it regardless, or even perform a factory reset on its firmware, which she says will wipe the malware.
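For readers who do have firewall or router flow logs, the traffic check Horowitz describes can be scripted. The following is an added example, not code from Check Point or Qihoo 360: the log format, the sample records and the indicator addresses are constructed placeholders (RFC 5737 documentation ranges), to be replaced with the command-and-control addresses the researchers publish.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder indicators (RFC 5737 documentation ranges), NOT real Reaper
# infrastructure; substitute the addresses published by the researchers.
C2_INDICATORS = ["192.0.2.10", "198.51.100.0/28"]

# Constructed sample records: "<ISO time> <src>:<port> -> <dst>:<port> <proto>"
SAMPLE_LOG = """\
2017-10-20T02:11:09 192.168.1.23:40112 -> 192.0.2.10:8080 tcp
2017-10-20T02:11:30 192.168.1.40:51514 -> 203.0.113.5:443 tcp
2017-10-21T02:10:57 192.168.1.23:40388 -> 192.0.2.10:8080 tcp
2017-10-21T09:45:02 192.168.1.77:33001 -> 198.51.100.7:23 tcp
this line is malformed and must be skipped
2017-10-22T02:12:41 192.168.1.23:41020 -> 192.0.2.10:8080 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+\w+$"
)

def find_c2_contacts(log_text, indicators=C2_INDICATORS):
    """Return {device_ip: {"hits", "days", "destinations"}} for matching flows."""
    nets = [ipaddress.ip_network(i, strict=False) for i in indicators]
    report = defaultdict(lambda: {"hits": 0, "days": set(), "destinations": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore records we cannot parse rather than guess
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # address-shaped text that is not a valid IPv4 address
        if any(dst in net for net in nets):
            entry = report[m["src"]]
            entry["hits"] += 1
            entry["days"].add(m["ts"][:10])  # date part of the timestamp
            entry["destinations"].add(f"{dst}:{m['dport']}")
    return dict(report)

if __name__ == "__main__":
    for device, info in sorted(find_c2_contacts(SAMPLE_LOG).items()):
        # Contact on several distinct days suggests a regular check-in.
        print(device, info["hits"], "flows on", len(info["days"]), "day(s) to",
              sorted(info["destinations"]))
```

A device that appears in the report on several distinct days is the pattern to look for, since the researchers describe bots communicating daily with the command-and-control server.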
Read more at: Check Point Research