‘Reaper’ Botnet – A DDoS Trick or Treat?

Researchers have discovered a massive new botnet, dubbed ‘Reaper’ or ‘IoTroop’, targeting poorly-defended IoT devices to form a ‘zombie army’ of devices that could rock the entire Internet with a powerful DDoS attack. The botnet has reportedly already infected tens of thousands of devices across the globe and is said to have the potential to be even more powerful than the Mirai botnet that launched one of the most impactful cyberattacks of all time. An additional 2 million hosts have been identified, but not yet recruited by the botnet. Unlike Mirai, which works by scanning for and hijacking IoT devices with weak user name or password protection, Reaper exploits integral vulnerabilities and recruits infected devices into a botnet that could potentially launch massive Distributed Denial of Service (DDoS) attacks.

Corero’s Security Operations Center has confirmed the spread of Reaper-infected machines, which supports the latest research. This should come as no surprise: many IoT devices are poorly architected from a security perspective, which makes them prime targets for hacker infiltration and takeover. Aside from the personal privacy and security concerns that result from these security gaps, the bigger danger is that these connected devices can be harnessed by hackers for a variety of nefarious purposes, including launching dangerous DDoS attacks.

While IoT botnets are typically mobilized for use in DDoS attacks, Corero has yet to see evidence of these attacks in the wild. Industry experts predict that this botnet is intended for various DDoS booter services, available on the Dark Web.

Attackers are becoming more creative and using new techniques to wreak havoc with IoT botnets. These botnets can be rented for any duration, size and scale that the attacker pleases – and aimed at any target. It’s probably only a matter of time before the ‘Reaper’ botnet is launched for serious DDoS attacks. So, what exactly can organizations do to protect their networks and customers from such attacks?

The sheer volume of devices involved poses a serious challenge. After all, any device that has an Internet connection and a processor can be exploited. For this reason, effective DDoS protection requires instantaneous visibility into DDoS events, real-time mitigation, and long-term trend analysis to identify changes in the DDoS landscape and deliver proactive detection and mitigation.

No one can control the security of IoT devices that they don’t own, but you can control your own protection against IoT DDoS attacks by implementing an always-on, automated DDoS protection solution. Such a solution can monitor all traffic in real time, negate the flood of attack traffic at the Internet edge, eliminate service outages and allow security personnel to focus on uncovering any subsequent malicious activity before any damage has occurred. In addition, telecoms, as Internet connectivity and managed security service providers, are more obligated than ever to protect both their networks and their customers, particularly with the modern technology available for them to do so.
