In 2016, an Internet of Things worm called Mirai tore through the internet, building botnets of millions of badly designed CCTVs, PVRs, routers and other gadgets, sending unstoppable floods of traffic that took down major internet services from PayPal to Reddit to Dyn.
Mirai spread by scanning for other IoT devices and then trying default login and password combinations on them, which meant that it could only infect devices whose default passwords had never been changed (this was nearly every device).
But there's a new IoT worm called Reaper (also called "Troop") that augments Mirai's default password tactic with an arsenal of common defects in IoT gadgets, which it exploits to gain control over systems even when the passwords have been changed. In a very short time, Reaper has compromised over a million devices and it's growing fast.
On Friday, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point detailed the new IoT botnet, which builds on portions of Mirai’s code, but with a key difference: Instead of merely guessing the passwords of the devices it infects, it uses known security flaws in the code of those insecure machines, hacking in with an array of compromise tools and then spreading itself further. And while Reaper hasn’t been used for the kind of distributed denial of service attacks that Mirai and its successors have launched, that improved arsenal of features could potentially allow it to become even larger—and more dangerous—than Mirai ever was.
“The main differentiator here is that while Mirai was only exploiting devices with default credentials, this new botnet is exploiting numerous vulnerabilities in different IoT devices. The potential here is even bigger than what Mirai had,” says Maya Horowitz, the manager of Check Point’s research team. “With this version it’s much easier to recruit into this army of devices.”
THE REAPER IOT BOTNET HAS ALREADY INFECTED A MILLION NETWORKS