Security group Check Point Research claims to have discovered a rapidly growing and evolving botnet which they believe could eventually take down the internet. This botnet consists of millions of internet connected devices, better known as the Internet of Things. They have compared its strength to the now infamous Mirai botnet, but believe it will dwarf Mirai in its speed and growth.
This latest threat has been called the Reaper botnet and makes other attacks look childish. Mirai worked by infecting unsecured devices with default passwords to add them to the botnet. The Reaper works by actively hacking and infiltrating millions of devices around the globe. Wired described it as “the difference between checking for open doors and actively picking locks.”
The Reaper malware contains some of the Mirai source code, but has greatly expanded its risk and potential. Rather than guessing common passwords, Reaper uses known vulnerabilities to inject its code into the victim. This allows it to grow at a much faster rate.
The malware has already been discovered on 60% of networks monitored by Checkpoint. Vulnerable hardware includes devices from GoAhead, D-Link, TP-Link, Netgear, AVTech, MikroTik, Linksys, Synology, and some portions of Linux. Many of these device manufacturers have released patches for the vulnerabilities, but most users don’t apply them.
There are millions of devices already running the Lua-based software that will allow the botnet owners to load their attack modules. There have been no reported uses of the botnet, but the code shows it’s in standby waiting for a signal to start the volley of DDoS attacks.
Mirai had a bandwidth exceeding 1Tbps and was able to bring down sites like GitHub, Twitter, Reddit, Netflix, and Airbnb. Reaper is far more sophisticated and has the potential to launch attacks on a scale never seen before experts warn.
Lead photo by William Bout on Unsplash