Massive New IoT Botnet Growing Rapidly: Researchers

Add Your Comments

A large botnet of IoT devices is growing more rapidly than Mirai did in 2016, according to researchers. The botnet has reportedly infected nearly two million devices in the past month.

The botnet, called “IoT_reaper” by 360 Netlab and “IoTroop” by Check Point researchers, was first detected in September when the security firms noticed a pattern of attempts to exploit IoT device vulnerabilities. They tracked the growth of the botnet for over a month before sounding the public alarm with blog posts.

“While some technical aspects lead us to suspect a possible connection to the Mirai botnet, this is an entirely new campaign rapidly spreading throughout the globe,” Check Point said in a blog post. “It is too early to assess the intentions of the threat actors behind it, but it is vital to have the proper preparations and defense mechanisms in place before an attack strikes.”

The bot utilizes some code borrowed from Mirai, but attacks nine known vulnerabilities, rather than cracking weak passwords, according to Netlab. Whoever is behind the code has been changing it, making it more dangerous, the researchers say, even though it is in an early expansion stage, and its purpose is unknown. The number of exploits found in samples is increasing, with one recently added within two days of disclosure of the vulnerability.

Check Point calls it “the next cyber hurricane,” and says devices manufactured by GoAhead, D-Link, TP-Link, Netgear, Linksys and others have been infected at over a million organizations worldwide.

Mirai launched a record 620 Gbps attack against Dyn a year ago, though there has been some speculation that gaming infrastructure was the true target.

Add Your Comments

  • (will not be published)