- Researchers warned Friday of an emerging IoT botnet, which is in the "early stages of expansion," according to Chinese internet security firm Qihoo 360. Called IoT_reaper, or IoTroop by Isreali cybersecurity firm Check Point, the botnet has 10,000 devices regularly communicating with servers the hackers control, according to Qihoo 360.
- Those controlling the botnet are "actively modifying the code" and have millions of potential vulnerable IoT devices awaiting processing by an automatic loader, which injects the botnet code into the devices to expand its size, according to Qihoo 360.
- The Reaper builds on some of Mirai's source code, but doesn't rely on default passwords to grow the botnet, Wired reports. The botnet uses software hacking techniques to grow, using security flaws to exploit IoT devices. Infected devices spread the malicious code to other similar devices, according to Check Point.
For the average firm, there is little that can be done to limit the impact of the attack. Now it's up to vendors to prevent IoT device infection and remedy flaws where possible.
Researchers were quick to point out the botnet is still in its early stages, but it is growing at a rapid pace. Check Point says more than "a million organizations" have already been impacted, though DDoS attacks associated with the botnet have not yet emerged.
The emergence of the Reaper — a successor to Mirai — comes at a curious time. This month marks the one year anniversary of the Dyn DDoS attack, which disrupted some of the internet's most-trafficked websites.
Sure, hackers have yet to use the botnet in a malicious way, but time will certainly tell how they plan to use it. It is unlikely that someone is assembling a massive botnet just for research purposes. The IoT infections are targeting many different devices around the world, creating a vast network. Even if some flaws are fixed, other IoT device vulnerabilities are still exploitable to contribute to the Reaper.