Vendors waiting to add effective security measures to their IoT devices may be too late–the Reaper is coming.
Also known as IoT Troop, the Reaper IoT botnet is already two million devices strong and growing, built using software that targets and exploits known IoT device security flaws. IoT botnets use the collected bandwidth of a vast number of compromised IoT devices is utilized by hackers for nefarious purposes that often include distributed denial-of-service (DDoS) attacks. They represent significant threats to the stability and safety of both the burgeoning IoT industry, even the Internet as we know it. We’ve already seen what IoT botnets are capable of, and Reaper has now become the largest of its kind.
The code at the heart of Reaper is a descendant of what was used by the Mirai IoT botnet, which amassed an army of compromised devices commandeering as many as 10 million IP addresses. Mirai wreaked havoc during two massive DDoS attacks last year. The first of these assailed the DNS provider Dyn and succeeded in taking 1,200 websites offline, including Amazon, Twitter, Spotify, and Github. The second Mirai attack managed to effectively deny Internet service to the entire country of Liberia.