Mirai-Like IoT Botnet ‘Has Already Hacked Millions Of Devices’

One year on from a botnet attack that disrupted a number of high-profile websites in October 2016, security researchers have uncovered another botnet that’s similar to the earlier Mirai in some ways, but is growing much more quickly.

The new network, called IOTroop or Reaper, has already infected devices on more than one million organisations’ networks, according to Israeli security firm Check Point, while Beijing-based Qihoo 360 estimated several million devices are queued to join the network.

Like Mirai, Reaper makes use of connected devices including routers and internet-linked security cameras.

Mirai had infected around 2.5 million devices by the end of 2016, when it was used along with other botnets to attack DNS provider Dyn, generating enough junk traffic to overload the firm’s servers and disable websites including Spotify, Reddit and The New York Times.

IoT hacking

But while Mirai infected devices by scanning for weak or default passwords, Reaper takes a more aggressive approach.

Reaper uses portions of Mirai’s code, indicating a possible link with the developers of the earlier tool, but it includes a number of new features, including the ability to exploit security weaknesses to gain control of a device.

It uses nine attacks found in routers made by D-Link, Netgear and Linksys along with surveillance cameras from Vacron, GoAhead, AVTech and others. While some of the flaws have been patched, in many cases those patches may not have been applied.

Another difference from Mirai is that Reaper programs the devices it infects to infect other devices, further broadening the botnet.

Check Point said about 60 percent of the corporate networks it tracks contained compromised devices.

“So far we estimate over a million organisations have already been affected worldwide, including the US, Australia and everywhere in between, and the number is only increasing,” Check Point said in an advisory.

Expansion

Qihoo 360 said about 10,000 devices are in active communication with the botnet’s command servers, with millions more awaiting “loader” software to add them to the network.

So far Reaper hasn’t carried out any attacks, but researchers say there are few other uses for a large botnet of connected devices other than directing malicious traffic at a target.

“It is too early to guess the intentions of the threat actors behind it, but with previous botnet DDoS attacks essentially taking down the Internet, it is vital that organisations make proper preparations and defense mechanisms are put in place before an attack strikes,” Check Point said.

Qihoo 360 said the botnet appears to be in the “early stages of expansion”.

In a report timed to coincide with the first anniversary of the Dyn attack, load balancing and computer security firm Radware said it had found that 68 of the top 100 US websites only use one DNS provider, making them vulnerable to disruption.

“Could it happen again? The short answer is: yes,” Radware said in the report.

Researchers advised users of the targeted cameras and routers to install updates and consider performing a factory reset of the device, which would clear any infection.

Do you know all about broadband and the ultra-fast future? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Google Goes On Trial In US Over Ad Tech Dominance

US trial of Google over ad tech market power begins, with forced divestiture of ad…

2 hours ago

US DOJ To Propose Google Penalties By End Of Year

US judge gives Justice Department until end of year to formulate plan for Google punishment…

9 hours ago

Trump ‘To Appoint Musk’ To Gov’t Efficiency Role If Elected

Donald Trump says he would appoint Elon Musk to lead government efficiency commission if elected,…

10 hours ago

Australian Official Received Death Threats After Musk Criticism

Australian eSafety commissioner says she received death threats after Musk criticised her for trying to…

10 hours ago

Man Arrested After ‘Earning Millions’ From AI Music Tracks

US man allegedly earned more than $10m in royalties streaming hundreds of thousands of fake…

11 hours ago

NCSC Calls Out Cyber-Attacks From Russia’s GRU

UK's NCSC and allies outline campaign of attacks from unit of Russia's military intelligence service…

11 hours ago