In 2016, an Internet of Things worm called Mirai tore through the internet, building botnets of millions of badly designed CCTVs, PVRs, routers and other gadgets, sending unstoppable floods of traffic that took down major internet services from PayPal to Reddit to Dyn.
Mirai spread by scanning for other IoT devices and then trying default login and password combinations on them, which meant that it could only infect devices whose default passwords had never been changed (this was nearly every device).
But there's a new IoT worm called Reaper (also called "Troop") that augments Mirai's default password tactic with an arsenal of common defects in IoT gadgets, which it exploits to gain control over systems even when the passwords have been changed. In a very short time, Reaper has compromised over a million devices and it's growing fast.
On Friday, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point detailed the new IoT botnet, which builds on portions of Mirai’s code, but with a key difference: Instead of merely guessing the passwords of the devices it infects, it uses known security flaws in the code of those insecure machines, hacking in with an array of compromise tools and then spreading itself further. And while Reaper hasn’t been used for the kind of distributed denial of service attacks that Mirai and its successors have launched, that improved arsenal of features could potentially allow it to become even larger—and more dangerous—than Mirai ever was.
“The main differentiator here is that while Mirai was only exploiting devices with default credentials, this new botnet is exploiting numerous vulnerabilities in different IoT devices. The potential here is even bigger than what Mirai had,” says Maya Horowitz, the manager of Check Point’s research team. “With this version it’s much easier to recruit into this army of devices.”
THE REAPER IOT BOTNET HAS ALREADY INFECTED A MILLION NETWORKS