New botnet malware could disrupt Internet services


A recently discovered botnet malware is rapidly spreading with more than 2 million devices believed to have already been infected, according to cybersecurity experts.


Named IoT_Reaper by security researchers at China's Netlab 360 and IoTroop by the Israeli security firm Check Point, the malware is based on the infamous Mirai "internet of things" worm that compromised millions of wireless routers, security cameras and digital video recorders in 2016.


Check Point said they have been tracking the development of the massive new IoT botnet, which is "forming to create a cyber-storm that could take down the Internet."


"This has the potential to be more damaging than Mirai," Check Point's threat intelligence group manager Maya Horowitz has stated. "The most interesting difference between this malware and Mirai is that it is far more sophisticated. Attackers are not just exploiting default credentials to compromise devices, but also using a dozen or more vulnerabilities to get on these devices."


Rather than trying easy-to-guess default passwords on a large number of digital video recorders (DVRs) to propagate as Mirai did, Reaper fires exploit code at vulnerabilities in similar devices, as well as network video recorders (NVRs), IP cameras and home routers, Forbes reported. They include products from D-Link, Netgear, and Linksys, amongst others...


Krebs on Security warned, "We are likely enjoying a period of false calm before another humbling IoT attack wave breaks."


Reaper's masters and purpose are unknown, though the most obvious use for it would be a distributed denial of service attack, a la Mirai, Horowitz said.


"Such an attack could either be for the sake of general chaos or more targeted at a specific country," she said.