IoT_reaper Botnet Looms Ready To Strike With Millions Of Zombie Devices At Its Disposal

A security firm is warning of a new botnet targeting IoT (Internet of Things) devices that is on the move. Dubbed IoT_reaper, the new botnet borrows some of the source code from Mirai, which took down the popular security blog KrebsOnSecurity with a massive DDoS attack, ultimately forcing Brian Krebs, the security expert in charge of the blog, to find a new hosting company and seek shelter behind Google Shield for DDoS protection. Unfortunately, it is believed that this new strain called Reaper could be even more virulent than Mirai.

Whereas Mirai was able to spread by cracking weak passwords on IoT devices that oftentimes were never changed from their defaults, Reaper looks for multiple vulnerabilities to exploit, making it potentially capable of spreading to even more devices. Reaper is far more aggressive in this manner—it is actively hacking devices based on multiple security holes, versus simply inputting default or easy-to-guess passwords.


Researchers at Chinese security firm Qihoo 360 and Israeli outfit Check Point have investigated Reaper and found that it contains millions of potentially vulnerable device IPs, all queued up and ready to be processed by an automatic loader that injects code. And the number of unique active bot IP addresses is growing at more than 10,000 per day. That number could explode as more devices become infected—the bigger this botnet grows, the more quickly it can spread.

Check Point even goes so far as to say that Reaper could take down the Internet.

"So far we estimate over a million organizations have already been affected worldwide, including the US, Australia and everywhere in between, and the number is only increasing. Our research suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come," Check Point said.

[Figure: Botnet map. Source: Check Point]

Reaper is quickly evolving to exploit an increasing number of vulnerabilities in IoT devices, including wireless IP cameras by companies such as GoAhead, D-Link, AVTech, Netgear, MikroTik, Linksys, and others. There are patches available for many of the affected devices, but when it comes to IoT devices, consumers are not in the same habit of applying security updates as they are with PCs. One device maker, Synology, actually issued a patch for this vulnerability all the way back in 2014 (so if you have an older device that has not seen many or any updates, update now). Even so, Check Point has found Reaper doling out attacks from 60 percent of the corporate networks it tracks.

The best thing you can do at the moment is to update any Internet-connected devices you own, and to continue checking for updates. It would also be wise to encourage your family and friends to do the same thing.