New IoT botnet unearthed, threatens global chaos
F5 Networks expert says 'Reaper' botnet follows in Mirai's footsteps but is deemed far more dangerous
A new IoT botnet, supposedly more dangerous than Mirai, is spreading globally and could soon be used to target organisations worldwide.
Cybersecurity firm Check Point revealed the existence of the botnet ‘Reaper’ on Friday. The botnet shares similar characteristics to Mirai but is able to ‘evolve’ to exploit vulnerabilities in devices connected to the internet, the company says.
Tristan Liverpool, director of systems engineering at F5 Networks, explains that Reaper is an evolution of the Mirai botnet that caused so much chaos on the Internet last year. Reaper has been quietly growing for over a month, propagating amongst many types of connected devices, now apparently numbering in the millions.
The biggest difference between the two is that Mirai tried to connect to devices via the telnet protocol, utilising default or weak passwords to take control of devices, Liverpool explains. “In contrast, the Reaper botnet is looking to use exploits on unpatched devices, to take control of them and add it to the command and control platform. This means that it can continue to grow and be harnessed for all kinds of criminal activities,” he warns.
Reaper is said to have already enslaved millions of IoT devices including routers and IP cameras from firms including GoAhead, D-Link, TP-Link, Avtech, Netgear, MikroTik, Linksys and Synology. The security firm warns that the botnet is "rapidly spreading worldwide" and could soon be weaponised to launch cyber-attacks in the same fashion as Mirai last year.
A simple password upgrade is not sufficient to protect against the botnet, says Liverpool, although it’s still highly recommended on all devices connected to the internet. “To stop the propagation of this botnet, all companies and consumers should ensure all their devices are running the latest firmware versions, which will have security patches included,” he adds.
Check Point expects the number of affected devices to keep growing, warning that this is “the calm before an even more powerful storm. The next cyber hurricane is about to come.”
With that in mind, everyone needs to prepare for the worst, as it is still unknown whether the motive of the perpetrators is chaos, financial gain or to target specific states or brands, says Liverpool. “For organisations to protect themselves, they must identify which information is critical and needs to be available anytime, anywhere. In summary, security can be built around these key areas and a contingency plan must be developed.”