In 2016, an Internet of Things worm called Mirai tore through the internet, building botnets of millions of badly designed CCTVs, PVRs, routers and other gadgets, sending unstoppable floods of traffic that took down major internet services from Paypal to Reddit to Dyn.
Mirai spread by scanning for other IoT devices and then trying default login and password combinations on them, which meant that it could only infect devices whose default passwords had never been changed (this was nearly every device).
But there's a new IoT worm called Reaper (also called "Troop") that augments Mirai's default password tactic with an arsenal of common defects in IoT gadgets, which it exploits to gain control over systems even when the passwords have been changed. In a very short time, Reaper has compromised over a million devices and it's growing fast.
On Friday, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point detailed the new IoT botnet, which builds on portions of Mirai’s code, but with a key difference: Instead of merely guessing the passwords of the devices it infects, it uses known security flaws in the code of those insecure machines, hacking in with an array of compromise tools and then spreading itself further. And while Reaper hasn’t been used for the kind of distributed denial of service attacks that Mirai and its successors have launched, that improved arsenal of features could potentially allow it to become even larger—and more dangerous—than Mirai ever was.
“The main differentiator here is that while Mirai was only exploiting devices with default credentials, this new botnet is exploiting numerous vulnerabilities in different IoT devices. The potential here is even bigger than what Mirai had,” says Maya Horowitz, the manager of Check Point’s research team. “With this version it’s much easier to recruit into this army of devices.”
THE REAPER IOT BOTNET HAS ALREADY INFECTED A MILLION NETWORKS
Enjoy one minute and eleven seconds of fun from the Lockpicking Lawyer, who makes short work of a Smartkey Kwikset Padlock [Amazon], which you absolutely shouldn’t buy as a gift for someone whose property you have plans for.
I finally pulled the trigger on the new iPad Pro because of today’s deals at Amazon; affiliate links follow below. Every year I throw all my computers in a dumpster and make another desperate, clawing, doomed effort to use an iPad Pro as my “only machine” and it is once again Time. Here’s what’s up: […]
Martin Howard from Antique Typewriter (previously) writes, "In 1881, Thomas Hall, a Brooklyn engineer, invented the first portable typewriter that would enable a person to type with the machine anywhere, even on one’s lap. This was also the first index typewriter, a typewriter with no keyboard that requires one to use a selector. In this […]
Big companies want automation on a big scale. Doing that means diving into the tricky world of machine learning and data science. And no matter what platform you’ll be implementing it on, you can learn how with the Machine Learning & Data Science Certification Training Bundle. In 48 hours and through eight courses, this bundle […]
Big systems need tight security – and the experts who can implement it. Cisco Networking Systems are the go-to providers for network infrastructure, but maintaining it takes a lot of up-to-date knowledge. If you want that knowledge right from the source, there’s an online course that can get you certified painlessly: The Foundational Cisco CCNA […]
Computer slowing down? There are a ton of reasons why that might be, especially if your unit has a few years on it. Junk files and programs can accumulate over time, some even left over from otherwise uninstalled software. This virtual debris can slow your PC down dramatically, but there’s a surprisingly quick fix. Lauded […]