The Reaper has come to claim control on your IoT devices




A new threat has risen from the IoT world in the last couple of days: an advanced botnet dubbed Reaper that makes other attacks look childish. Mirai worked by infecting unsecured devices that still used default passwords and adding them to the botnet. Reaper instead actively hacks and infiltrates millions of devices throughout the globe. News described it as "the contrast between checking for open doors and actively picking locks."

The Reaper malware includes some of the Mirai source code but has considerably expanded its risk and potential. Rather than trying common passwords, Reaper uses known vulnerabilities to inject its code into the victim. This allows it to grow at a much faster rate.

The malware has now been discovered on 60% of networks controlled by Checkpoint. Vulnerable devices include those from GoAhead, D-Link, TP-Link, Netgear, AVTech, MikroTik, Linksys, Synology, and some parts of Linux. controls almost 20,000 drones till date. Many of these device companies have released patches for the vulnerabilities, but most users don't apply them.



There are millions of devices already operating the Lua-based software that will allow the botnet owners to fill their attack modules. There have been no recorded uses of the botnet, but the code shows it's on standby waiting for a signal to start the barrage of DDoS attacks.
While Mirai caused widespread outages, it impacted IP cameras and internet routers by simply exploiting their weak or default passwords.

The latest botnet threat, known alternately as IoT Troop or Reaper, has evolved that strategy, using actual software-hacking techniques to break into devices instead. It's the difference between checking for open doors and actively picking locks, and it has already enveloped devices on a million networks and counting.

Mirai had a bandwidth capped at 4Tbps (to date) and was able to take down sites like GitHub, Twitter, Reddit, Netflix, and Airbnb. Reaper is far more sophisticated and has the potential to launch attacks on a scale never seen before, experts suggest.

An analysis of the IP traffic from those devices should reveal whether they're communicating with the command-and-control server helmed by the unknown hacker who's administering the botnet. If they are, a factory reset will be sufficient to clear the malware, or the device's firmware can be updated to the latest patch.
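The traffic check described above can be scripted. The following is an added example, not code from the original post: it scans flow records for inventoried IoT devices that contact a command-and-control indicator. The indicator list, device inventory, flow format and the name `find_c2_contacts` are all assumptions, and every address is a constructed placeholder.

```python
import ipaddress
from collections import defaultdict

# Constructed placeholders (documentation ranges); the page lists no C2
# addresses, so substitute indicators from your own threat-intel source.
C2_INDICATORS = ["203.0.113.0/28", "198.51.100.77"]

# Constructed inventory of IoT devices to watch (assumption).
IOT_DEVICES = {"192.168.1.1": "router", "192.168.1.20": "ip-camera",
               "192.168.1.30": "nas"}

# Constructed flow records: timestamp src dst dst_port bytes
SAMPLE_FLOWS = """\
2017-10-25T10:00:01 192.168.1.20 203.0.113.5 8080 412
2017-10-25T10:00:09 192.168.1.30 192.0.2.10 443 9120
2017-10-25T10:05:01 192.168.1.20 203.0.113.5 8080 398
2017-10-25T10:07:44 192.168.1.1 198.51.100.77 23 120
2017-10-25T10:08:00 192.168.1.50 203.0.113.9 80 77
garbled line
"""

def find_c2_contacts(flow_text, devices, indicators):
    """Return per-device summaries of flows that reach any C2 indicator."""
    nets = [ipaddress.ip_network(i, strict=False) for i in indicators]
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "dests": set(),
                                "first": None, "last": None})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, _port, nbytes = parts
        if src not in devices:
            continue  # only inventoried IoT devices are in scope
        try:
            dst_ip, size = ipaddress.ip_address(dst), int(nbytes)
        except ValueError:
            continue  # unparsable address or byte count
        if not any(dst_ip in net for net in nets):
            continue
        h = hits[src]
        h["flows"] += 1
        h["bytes"] += size
        h["dests"].add(dst)
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
    return dict(hits)

if __name__ == "__main__":
    for ip, h in sorted(find_c2_contacts(SAMPLE_FLOWS, IOT_DEVICES, C2_INDICATORS).items()):
        print(f"{IOT_DEVICES[ip]} {ip}: {h['flows']} flow(s), {h['bytes']} bytes to "
              f"{sorted(h['dests'])} ({h['first']} .. {h['last']}): reset and patch")
```

Any device that appears in the result is a candidate for the factory reset or firmware update mentioned above.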

All of that adds up to an increasingly troubling situation: one where the owners of IoT devices are racing with a botnet master to disinfect devices faster than the malware can spread, with serious potential consequences for vulnerable DDoS targets around the world. And given that Reaper has far more sophisticated tools than Mirai, the impending volley of attacks may turn out to be even direr than the last one.

More to come on this topic in the near future.
