New Internet of Things Botnet Threatening to Take Down the Internet

New Internet of Things Botnet Threatening to Take Down the Internet

One year after the biggest IoT-based malware Mirai, security researches are now warning of a new rapidly growing IoT botnet. Mirai has caused vast internet outages by launching massive DDoS attacks. The new malware on the block; IoT reaper was first identified in September by researches at firm Qihoo 360. It does not depend on cracking weak passwords, instead, it exploits vulnerabilities in various IoT devices and enslaves them into a botnet network.

Currently, IoT reaper exploits for nine previously disclosed vulnerabilities in IoT devices from following manufacturers:

  • Dlink (routers)
  • Netgear (routers)
  • Linksys (routers)
  • Goahead (cameras)
  • JAWS (cameras)
  • AVTECH (cameras)
  • Vacron (NVR)

Read: KRACK: Researcher Discovers Flaws In WPA2 Authentication

According to researches, IoT reaper has already infected nearly two million devices with an astounding 10,000 infected devices per day. In the case of Mirai, it took only 100,000 infected devices to take down DNS provider Dyn last year using a massive DDoS attack. Researchers have also highlighted that the malware includes more than 100 DNS open resolvers, enabling it to launch DNS amplification attacks. Qihoo researchers add:

“Currently, this botnet is still in its early stages of expansion. But the author is actively modifying the code, which deserves our vigilance.”


Meanwhile, researchers at CheckPoint are also warning of probably same IoT botnet, named “IoTroop,” that has already infected hundreds of thousands of organisations.

“It is too early to guess the intentions of the threat actors behind it, but with previous Botnet DDoS attacks essentially taking down the Internet, it is vital that organisations make proper preparations and defence mechanisms are put in place before attack strikes”

Read: The Ever-Evolving Role of CIOs: A Look at Gartner’s CIO Agenda Survey

According to CheckPoint, IoTroop malware also exploits vulnerabilities in Wireless IP Camera devices from GoAhead, D-Link, TP-Link, AVTECH, Linksys, Synology and others. At this time it is not known who created this and why, but the DDoS threat landscape is skyrocketing and could reach tens of terabits-per-second in size.

CheckPoint researchers have warned everyone and said:

“Our research suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come”

As a guide to cybersecurity, every one needs to be more vigilant about the security of their smart devices.


Source: The Hacker News