'Cyber Hurricane': Millions of Devices Infected in Rapidly Replicating Botnet

Posted by K R on

In a very short time, a new, rapidly expanding IoT botnet malware, more complex and dangerous than the 2016 malicious Mirai bot that caused widespread outages in the US and beyond, has already compromised over a million devices.

In 2016, an Internet of Things (IoT) worm named Mirai infected some 2.5 million gadgets worldwide, building botnets that sent unstoppable floods of junk traffic and took down major internet services including Spotify, PayPal and Reddit. Mirai impacted IP cameras and internet routers by simply trying default login and password combinations on them.

But the new, recently discovered botnet, known as IoT Troop or, more commonly, Reaper, has evolved beyond that simple tactic: rather than only exploiting weak or default passwords on the devices it infects, it uses more sophisticated software-hacking techniques to break into insecure gadgets even after passwords have been changed. According to researchers at the Chinese security firm Qihoo 360 and Israeli firm Check Point, comparing Mirai and Reaper is like differentiating between identifying open doors and actively picking locks.

Although Reaper is based on portions of Mirai's code, there is a key difference: the malware doesn't guess; it uses an arsenal of common defects in IoT gadgets to gain entry and an array of compromising tools to further spread itself. Reaper has pulled together IoT hacking techniques that include nine attacks affecting routers from D-Link, Netgear, and Linksys, as well as internet-connected surveillance cameras, including those sold by Vacron, GoAhead, and AVTech.

Although Reaper has so far shown no signs of any DDoS (Distributed Denial of Service) activity, it is too early to guess the intentions of its creators. This malware has the potential to do significantly more damage than Mirai and its successors did. Reaper continues to evolve, with its code continuously updated, and its authors can turn a network of infected IoT devices into a weaponized network any time they want, to attack websites and disrupt services.

Read More: Sputnik International
