Move over Mirai. There’s a new monstrous botnet in town.
The newly-discovered botnet, dubbed “Reaper” or “IoTroop,” appears to be a more powerful strain of Internet of Things (IoT) attack malware than Mirai, the previous holder of the IoT botnet crown.
While there are no confirmed reports that Reaper has been used to launch an attack, security researchers warn that it may only be a matter of time.
Reaper was first discovered on 19 October, with claims that it may have already infected multiple organizations and, possibly, the entire internet. According to software company Check Point, the new malware is moving faster than 2016’s Mirai and has the potential to cause greater damage.
Where Mirai used factory-default or hard-coded usernames and passwords to infiltrate and eventually take control of IoT devices, Reaper exploits known security vulnerabilities in devices from multiple IoT device makers.
The Reaper worm is designed to spread from one infected device to another.
What makes Reaper and other IoT-based attacks particularly scary is their breadth and sophistication. For example, IoT attacks do not rely on spoofing to achieve wide reach. Instead, the attacking devices are real endpoints with real IP addresses, making it more difficult to block each individual device that is sending attack traffic. Additionally, IoT attacks are distributed globally, so each IP has to be treated individually: an organization cannot just block a network segment or a country’s IP range to defend against them.
IoT attacks, in general, have wider attacking capabilities than traditional attack strategies. Previous huge-volume attacks used reflection (such as Domain Name System or Network Time Protocol) to create volume by tricking thousands of open resolvers into generating a huge traffic load. IoT attacks, on the other hand, draw on a vast swath of sources. Millions of IoT devices can each generate individual traffic that swells into a gargantuan attack, much as a ripple builds into a tidal wave.
So far, there have been no confirmed reports of Reaper’s presence, but the potential for DDoS attacks looms. This is especially threatening, considering that Mirai was used to launch some of the largest DDoS attacks on record.
Update IoT Devices
It is important to be protected should Reaper take the same track as Mirai and be leveraged to launch IoT-fueled DDoS attacks. Updating IoT devices with new code and turning off features that involve WAN-based administration is one preventive measure to help protect devices from Reaper.
While Mirai was primed with a list of default usernames and passwords of devices throughout the internet, Reaper uses a set of exploits seen in various devices. This means that without any knowledge of a username or password, someone may be able to get in by leveraging one of these exploits.
Failing to update devices and turn off WAN-style features could leave your admin password exposed, regardless of how complex it is.
Another preventive measure is securing the network. High-performance DDoS detection and mitigation are must-haves in the battle against IoT botnets and sophisticated multi-vector DDoS attacks. Organizations need swift, surgical detection and rapid mitigation to ensure services are not disrupted and that legitimate traffic can still pass through during wartime.
It is imperative for DDoS defense solutions to understand traffic patterns and behaviors in order to block anomalous traffic. They should allow real user traffic to continue to pass through while quickly identifying and analyzing threats.
Organizations should implement a hybrid DDoS protection model that combines the power of on-premise DDoS defense with cloud capabilities to combat high-volume DDoS attacks for additional real-time protection.
Defend Against Current and Future Threats
The A10 Thunder TPS is one DDoS defense solution that goes beyond traditional DDoS defense to ensure your network won’t collapse under the weight of a high-volume attack. The solution processes more than 500,000 flows per second while offering detection and mitigation capabilities. Additionally, it can scale up to 2.4 Tbps with a list synchronization cluster, offering up to 11 times the performance of legacy solutions.
The A10 Thunder TPS can also track up to 128 million individual IP addresses – whether IoT device IP addresses or legitimate users – to defend against the breadth that makes IoT attacks so devastating. It leverages a massive class-list size of 96 million entries with integrated threat intelligence to identify and block known infected IoT devices at internet scale.
A strong DDoS defense solution is imperative today, as it can help protect against current threats and those that could spring up in the future. By cloaking your network with security measures, you won’t have to fear the next big botnet, or even the Reaper.