A New, Massive IoT Botnet Storm is Arriving…Be Prepared!
A new, massive Botnet, or more specifically an IoT Botnet, is arriving and could prove to be nothing less than a disastrous cyber-storm affecting the global internet community in a big way. Reports say that the Botnet, variously named “Reaper” and “IoTroop”, has already infected a million organizations and is recruiting IoT (Internet of Things) devices, like IP wireless cameras and routers, to carry out the attack.
Security firm Check Point has posted in detail about this rapidly growing new Botnet, which, according to them, is “evolving and recruiting IoT devices at a far greater pace and with more potential damage than the Mirai botnet of 2016.”
It was towards the end of September that Check Point’s Intrusion Prevention System (IPS) picked up signs of this Botnet storm gathering momentum. Check Point researchers detected attempts to exploit a combination of vulnerabilities in various IoT devices, and the attempts were increasing in number with each passing day. The hackers were bent on exploiting vulnerabilities in Wireless IP Camera devices, like GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology etc. The Check Point team realized that the attacks were coming from many different sources and a variety of IoT devices, which showed that the attack was being spread by the IoT devices themselves.
The Check Point post about the Botnet says: “While some technical aspects lead us to suspect a possible connection to Mirai, this is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide. It is too early to guess the intentions of the threat actors behind it, but with previous Botnet DDoS attacks essentially taking down the Internet, it is vital that organizations make proper preparations and defense mechanisms are put in place before an attack strikes.”
Check Point researchers started investigating the Botnet at the end of September and soon realized that they were witnessing the recruitment stages of a really vast IoT Botnet. The Check Point post on the Botnet says: “So far we estimate over a million organizations have already been affected worldwide, including the US, Australia and everywhere in between, and the number is only increasing…Our research suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come.” Yes, a cyber hurricane in the realm of Internet of Things (IoT) devices!
The Chinese security firm Netlab 360, which has named the Botnet “Reaper”, reports: “On 2017-09-13 at 01:02:13, we caught a new malicious sample targeting IoT devices. Starting from that time, this new IoT botnet family continued to update and began to harvest vulnerable IoT devices in a rapid pace.”
There are suggestions that this new, fast-spreading Botnet and the earlier Mirai IoT bot could be the work of the same group of hackers, but experts warn that the new Botnet is growing at such a fast pace that the damage could be much higher. Moreover, the new Botnet doesn’t crack passwords like Mirai did. The Netlab 360 report says: “The bot borrowed some code from the famous Mirai botnet, but it does not do any password crack at all. Instead, it purely focuses on exploiting IoT device vulnerabilities.” The new Botnet’s scan behavior is also not that aggressive.
No harm has yet been done using the new Botnet, but security experts are obviously concerned. They are also speculating about the nature of the damage that could be done. The Botnet could be used to launch a massive denial-of-service attack or to distribute ransomware. It could also be used to send spam or phishing messages, or could even be rented out to people who want to engage in malicious activities.