New Botnet malware has been detected by malware researchers to attack IoT (Internet of Things) devices. The malware aims to compromise whole networks of IoT devices by using DdoS (denial of service) type of attacks.
It also enlists the IoT devices in a botnet, making it widespread very quickly. According to experts, the only IoT botnet attack of such scale was Mirai botnet, which became popular back in November, 2016.
Which Devices are Targeted and How They Become Compromised
Whilst the Mirai IoT malware used bruteforcing techniques to break into IoT devices that were not properly secured (with weak passwords or the default ones), the Reaper malware has implemented a similar strategy, but more advanced. This means that the Reaper malware uses hacking technques, that are used in password cracking software and other malware in order to be more effective. Such can be a pre-set list of modules as well as programs that aim to look for different exploits and weaknesses of the devices.
Researchers at Qihoo 360 and Check Point have explained that this new IoT botnet threat uses known exploits and security weaknesses in order to infiltrate insecure machines. And while so far Reaper has not yet performed DdoS attacks, like it’s predecessor Mirai, it has the potential to be even more dangerous, mainly because of the new methods the virus uses to spread, making it potentially more devastating.
Which Devices are Affected
Similar to other IoT botnet, the usual devices are targeted, such as:
- D-Link routers.
- Netgear routers.
- Linksys routers.
- Internet-connected surveillance CCTV, belonging to companies, like Vacron, AVTech and Vacron.
CheckPoint researchers have discovered that more than a half of the networks which they keep an eye on, have already been infected with the ripple malware and there are approximately 10000 devices currently enrolled in the IoT zombie network. This was discovered as a result of the ffact that all of those devices were communicating with a previously established command and control server with a hidden actual location. CheckPoint researchers advise that if your device is from the following compromised devices list, you should update it immediately and patch all security flaws.
At the present moment, experts do not know when is this malware going to use it’s DdoS features, or why It hasn’t used them yet. They do believe, however that the malware might have some specific target network of IoT devices and it is looking to spread to this network.
How to Protect Yourself?
Besides updating your end device in case it may be compromise, we advise you to read the following related article to help you increase the overall defense of your IoT devices against Botnet malware and other IoT – related intrusions.