
Massive IoT-based DDoS attack could affect millions of devices: Cybersecurity experts

Take any apocalyptic zombie movie and you’ll probably notice these two things – one, an army of infected minions single-mindedly trying to achieve a singular goal, and two, infrastructure that’s about to be overwhelmed and destroyed.

If you think about it in tech terms, that’s precisely what an internet botnet is all about – an army of zombie gadgets out to cause as much destruction and mayhem as possible.

The next big bad botnet

Traditionally, a botnet is an army of millions of compromised computers and mobile gadgets secretly enslaved as minions in cyberattacks. However, as proven by last year’s Dyn DNS server attacks, even Internet of Things (IoT) appliances are now fair game.

This means unsecured routers, printers, IP web cameras, DVRs, cable boxes, connected “smart” appliances such as Wi-Fi light bulbs and smart locks can be hijacked and involved in cyberattacks without the owner knowing about it.

To remain unnoticed, compromised appliances could be sending out small trickles of data to keep the attack discreet. Multiply that by millions and what you have is the perfect distributed-denial-of-service (DDoS) attack vector.

What is a DDoS? DDoS is an attack where a targeted website is flooded with an overwhelming number of requests from millions of connected machines in order to bring it down.

Now, judging by new reports from cybersecurity firms, the next zombie botnet apocalypse is waiting around the corner. And this apocalypse will be unleashed by something appropriately called The Reaper.

The Reaper is coming

Reports from two cybersecurity companies, Netlab360 and Check Point, have confirmed that a terrifying new botnet army, composed of millions of Internet of Things appliances, is being assembled by newly discovered malware dubbed the Reaper.

Check Point warns that with the discovery of this massive botnet, the world should brace itself for another major cyberattack that can potentially take down the entire internet this time. “We are now experiencing the calm before an even more powerful storm, the next cyber hurricane is about to come,” Check Point wrote in a report posted last week.

Netlab360 researchers also noted last week that Reaper deserves our vigilance. Although it is still in its early stages of expansion, the author is actively modifying the code.

So should you fear the Reaper? Well, Reaper has already infected over a million internet-connected cameras and routers so far, and it looks like the recruitment period isn’t over. The Reaper malware is spreading and its mighty botnet army is still rapidly growing as we speak.

Bigger than Mirai

While Check Point suspects that Reaper has possible connections with last year’s Mirai botnet, the potential for massive damage is even greater. Although both botnets share the same source code, Reaper is much more aggressive and persistent.

What makes Reaper extremely potent is its infection vector. While Mirai merely used default or cracked weak passwords to infect devices, Reaper is using software exploits and vulnerabilities to hack into routers and smart appliances.

This means that unlike Mirai, which can be cleared out by simply rebooting the device, Reaper uses sophisticated hacking techniques to spread even quicker and wider without being detected.

So far, the nine exploits that Reaper is actively seeking were found in routers and web-connected cameras made by companies like Linksys, D-Link, TP-Link, Netgear, Avtech, MikroTik, GoAhead and Synology. However, since the author is still actively modifying the code, more devices from other companies may be added to the list soon.

It is estimated that more than a million devices have already been infected and recruited by the Reaper botnet and it’s still expanding rapidly. Netlab360 said that an additional two million devices were found to be queued for infection.

What’s the Reaper’s endgame?

Since the Reaper botnet is in its initial stages of recruitment and focused on amassing its zombie army, cybersecurity researchers are still speculating about what it will be used for.

With the amount of firepower it’s assembling, though, it can dwarf what the Mirai DDoS attacks were able to achieve and it can potentially take down the entire internet with an unprecedented scale of deployment.

As Techspot India explained, “Mirai had a bandwidth exceeding 1Tbps and was able to bring down sites like GitHub, Twitter, Reddit, Netflix, and Airbnb. Reaper is far more sophisticated and has the potential to launch attacks on a scale never seen before, experts warn.”

For now, security experts are recommending that companies and individuals check their internet-connected appliances and take them offline if they’re suspected to be infected.

How can you tell if your appliance is hacked?

Internet of Things botnet attacks are designed so that appliances like printers, routers, webcams, and the like transmit only small amounts of data to aid in DDoS attacks, so identifying which devices are compromised is tricky.

You may notice a slower than usual internet connection. Keep an eye out for unusual buffering when streaming video or music, or for slow web browsing. You can also try a network analyzer like Fing to monitor your connected devices and open ports. Most routers have data packet analyzers and logs, which you can reach by logging into the administrator page; check whether any IP addresses are transmitting unusual amounts of data.
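The log check described above can be scripted. The following is an added example, not part of the original article: it compares each device's outbound traffic with that device's own earlier baseline and flags both large uploads and a low-volume device that starts contacting many new hosts. The log format, IP addresses and thresholds are constructed assumptions; real router logs differ by vendor.

```python
from collections import defaultdict

# Constructed sample logs, one flow per line: "lan_ip dst_ip dst_port bytes_out".
# The format is hypothetical; adapt the parser to your router's export.
BASELINE = (
    "192.168.1.10 203.0.113.5 443 50000\n"
    "192.168.1.40 198.51.100.7 443 2000\n"
    "192.168.1.50 198.51.100.9 443 1000\n"
)
CURRENT = (
    "192.168.1.10 203.0.113.5 443 60000\n"
    "192.168.1.40 198.51.100.7 443 2100\n"
    "192.168.1.50 198.51.100.9 443 9000\n"
    + "".join(f"192.168.1.40 192.0.2.{n} 80 60\n" for n in range(11, 17))
)

def summarize(log_text):
    """Return {lan_ip: [total_bytes_out, set_of_destination_ips]}."""
    stats = defaultdict(lambda: [0, set()])
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip blank or malformed lines
        lan_ip, dst_ip, _port, nbytes = parts
        stats[lan_ip][0] += int(nbytes)
        stats[lan_ip][1].add(dst_ip)
    return stats

def flag_devices(baseline_log, current_log, volume_factor=3, max_new_dests=5):
    """Compare each device with its own history; return {lan_ip: [reasons]}."""
    base, cur = summarize(baseline_log), summarize(current_log)
    findings = {}
    for ip, (nbytes, dests) in cur.items():
        base_bytes, base_dests = base.get(ip, (0, set()))
        reasons = []
        if ip not in base:
            reasons.append("device not seen in baseline")
        elif nbytes > volume_factor * base_bytes:
            reasons.append(f"upload {nbytes} B vs baseline {base_bytes} B")
        new_dests = dests - base_dests  # hosts this device never contacted before
        if len(new_dests) > max_new_dests:
            reasons.append(f"{len(new_dests)} new destinations")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, why in flag_devices(BASELINE, CURRENT).items():
        print(ip, "->", "; ".join(why))
```

In the constructed data, the device at 192.168.1.40 uploads barely more than usual, so a volume-only check would miss it; it is flagged because of the six hosts it never contacted before.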

Protect your appliances

As I mentioned earlier, Reaper is different from Mirai and rebooting the device will not clear it out. Changing your router or connected camera’s password will not help you either.

Your best defense is to check for firmware updates. Now, with these attacks out in the open, manufacturers will start issuing security patches to prevent such infections. It’s important to keep your firmware always up to date. If your gadget does not automatically fetch firmware updates, make sure to manually check at least every three months.


Some routers have some firewall functionality too. In your router’s administrator page, look for settings named “Disable Port Scan” and “Enable DoS Protection” and make sure you turn these on.

As evidenced by these recent attacks and techniques, in this increasingly connected world, it goes without saying that the more our homes become “smarter,” the more we have to be smarter about our homes.

