In 2016, an Internet of Things worm called Mirai tore through the internet, building botnets of millions of badly designed CCTVs, PVRs, routers and other gadgets, sending unstoppable floods of traffic that took down major internet services from Paypal to Reddit to Dyn.
Mirai spread by scanning for other IoT devices and then trying default login and password combinations on them, which meant that it could only infect devices whose default passwords had never been changed (this was nearly every device).
But there's a new IoT worm called Reaper (also called "Troop") that augments Mirai's default password tactic with an arsenal of common defects in IoT gadgets, which it exploits to gain control over systems even when the passwords have been changed. In a very short time, Reaper has compromised over a million devices and it's growing fast.
On Friday, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point detailed the new IoT botnet, which builds on portions of Mirai’s code, but with a key difference: Instead of merely guessing the passwords of the devices it infects, it uses known security flaws in the code of those insecure machines, hacking in with an array of compromise tools and then spreading itself further. And while Reaper hasn’t been used for the kind of distributed denial of service attacks that Mirai and its successors have launched, that improved arsenal of features could potentially allow it to become even larger—and more dangerous—than Mirai ever was.
“The main differentiator here is that while Mirai was only exploiting devices with default credentials, this new botnet is exploiting numerous vulnerabilities in different IoT devices. The potential here is even bigger than what Mirai had,” says Maya Horowitz, the manager of Check Point’s research team. “With this version it’s much easier to recruit into this army of devices.”
THE REAPER IOT BOTNET HAS ALREADY INFECTED A MILLION NETWORKS
A week ago, Apple announced a redesigned smartwatch that could track heart data, run EKGs, and even detect atrial fibrillation, promising that it would save lives. Today, one of America’s biggest insurers killed its traditional life insurance policies, replacing them with “interactive” insurance that encourages users to use such devices and share the data with […]
It’s in a Japanese “all-you-can-drink” restaurant, which sounds like a splendid idea. Note how it performs a correct angled pour, with headspit finish, to provide a superior pint.
HAL is described as the “world’s most advanced” Pediatric Patient Simulator. Hal simulates lifelike emotions through “dynamic facial expressions, movement and speech.” Gaumard Scientific’s video promises “amazed, transient pain, crying, and more.” [via @3liza] HAL not only looks like a boy, he behaves like one. He can track a finger with his eyes, answer questions, […]
Gone are the days when you needed to pore over a 400-page physics textbook to learn about weight ratios, aerodynamics, and all of those other STEM concepts that let us take to the skies. Thanks to Force Flyers’ DIY Building Block Drones, you can foster your STEM knowledge as you build and fly your own functional […]
As more companies leverage cloud technology to unite and streamline their operations, the need for capable IT pros increases. But, as any IT guru will tell you, demand alone won’t get your foot in the door to this lucrative field. If you want to cash in on the demand and build a thriving IT career, […]
iOS 12 is finally here, which means now is the best time for aspiring developers to throw their hats into the app development game. While app development can be tricky for some, you can take an intuitive, beginner-friendly approach to understanding app creation and Apple’s latest iOS platform with the iOS 12 & Xcode 10 Bootcamp, […]