WARNING SIGNS, AND AN EVOLUTIONįew knew or realized it at the time, but even before the Mirai attacks commenced in August 2016 there were ample warning signs that something big was brewing. Netlab’s researchers say Reaper partially borrows some Mirai source code, but is significantly different from Mirai in several key behaviors, including an evolution that allows Reaper to more stealthily enlist new recruits and more easily fly under the radar of security tools looking for suspicious activity on the local network. 20 by Chinese security firm Netlab 360, the scanning performed by the new IoT malware strain (Netlab calls it the more memorable “Reaper”) is not very aggressive, and is intended to spread much more deliberately than Mirai. However, according to research released Oct.
IoT malware spreads by scanning the Internet for other vulnerable devices, and sometimes this scanning activity is so aggressive that it constitutes an unintended DDoS on the very home routers, Web cameras and DVRs that the bot code is trying to subvert and recruit into the botnet. While DDoS attacks target a single Web site or Internet host, they often result in widespread collateral Internet disruption. Researchers can’t say for certain what IoTroop will be used for but it is based at least in part on Mirai, which was made to launch distributed denial of service (DDoS) attacks. This graphic from CheckPoint charts a steep, recent rise in the number of Internet addresses trying to spread the new IoT malware variant, which CheckPoint calls “IoTroop.”īoth Mirai and IoTroop are computer worms they are built to spread automatically from one infected device to another.
Unlike Mirai - which wriggles into vulnerable IoT devices using factory-default or hard-coded usernames and passwords - this newest IoT threat leverages at least nine known security vulnerabilities across nearly a dozen different device makers, including AVTECH, D-Link, GoAhead, Netgear, and Linksys, among others (click each vendor’s link to view security advisories for the flaws).
According to CheckPoint, however, this new IoT malware strain is “evolving and recruiting IoT devices at a far greater pace and with more potential damage than the Mirai botnet of 2016.” The discovery came almost a year to the day after the Internet witnessed one of the most impactful cyberattacks ever - against online infrastructure firm Dyn at the hands of “ Mirai,” an IoT malware strain that first surfaced in the summer of 2016. 19, 2017, researchers from Israeli security firm CheckPoint announced they’ve been tracking the development of a massive new IoT botnet “forming to create a cyber-storm that could take down the Internet.” CheckPoint said the malware, which it called “IoTroop,” had already infected an estimated one million organizations. But if history is any teacher, we are likely enjoying a period of false calm before another humbling IoT attack wave breaks. For the moment it is apparently content to gather gloom to itself from the darkest reaches of the Internet. And there are indications that over a million organizations may be affected already.
Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware - variously named “ Reaper” and “ IoTroop” - that spreads via security holes in IoT software and hardware. It’s been just over a year since the world witnessed some of the world’s top online Web sites being taken down for much of the day by “ Mirai,” a zombie malware strain that enslaved “Internet of Things” (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks.