One million networks infected by new ‘reaper’ botnet
Oliver Bradshaw
Technical VPN Analyst
You may remember the DDoS attack by the Mirai Bot Network in September 2016. The malware had infected over 2.5 million individual IoT devices to stage a DDoS attack on the world's most popular websites, throwing millions of users around the world offline in the process by attempting to seize control of their routers. This attack resulted in Spotify, Reddit and the New York Times being entirely wiped from the internet, among numerous other websites.
This was one of the most widespread and invasive attacks in years, but a new threat from the Reaper Botnet is slowly becoming apparent. On Friday, researchers at Israeli tech firm Check Point and China’s Qihoo 360 security firm discovered that the Reaper Botnet had gained access to, and control of, almost one million networks around the globe, with numerous devices attached. With such a large arsenal of devices, the Reaper botnet certainly has the ability to create worldwide chaos and do unprecedented damage to networks across the world.
One major difference between Mirai and Reaper is Reaper’s ability to hack devices to gain control, rather than simply guessing their passwords. The Reaper botnet has refined Mirai’s code to include an ability to hack into devices that were previously thought to be secure, further expanding Reaper’s reach. Devices currently under control of Reaper include routers from D-Link, Linksys, and Netgear, along with CCTV cameras from Vacron, AVTech, and GoAhead.
Shockingly, Qihoo 360 has revealed that over 10,000 devices already communicate with the Reaper command-and-control server on a daily basis, with an additional million devices “queued”, awaiting code from Reaper to attach them to the entire DDoS network.
Are you affected?
Check Point has released a list of affected devices and has stated that if you are unable to analyse and check whether your device is affected, you should perform a factory reset to remove any malicious code. Additionally, there are a number of updates available for the above-mentioned routers and devices, which include patches and removal of the malicious Reaper code.
The Reaper botnet has yet to show signs of mobilising its army of infected devices, although Check Point’s Maya Horowitz speculated that the devices will almost certainly be used in a DDoS attack to either create “global chaos” or bring down a “specific target”, both of which could cause online mayhem depending on who the target is.
Ultimately, the success of Reaper relies on IoT device owners not updating their devices, or not knowing that Reaper exists. For Reaper to successfully achieve its goal of a malicious and devastating DDoS attack, it must rely on network device manufacturers to refrain from issuing an update to their devices.