A New IoT Botnet Is Upon Us – What You Need To Know

We haven’t all gotten over the Mirai botnet attack that happened last year, and already there’s news of a new IoT botnet in town. “IoTroop” or “Reaper”, as it is being called by the security researchers at Check Point and Qihoo 360 who discovered it, is said to affect millions of devices, but these are still early days and the full list of vulnerabilities is still being compiled.

So far, 9 exploitable vulnerabilities have been identified in wireless IP security cameras from manufacturers such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology, and others. Check Point and Qihoo report that they identified recurring security vulnerabilities in the IoT devices beginning at the end of September, and that the recruitment phase of the botnet attack is still underway, with up to 10,000 new devices compromised each day.

IoTroop/Reaper appears to use some vestiges of code from Mirai, but whereas Mirai recruited IoT devices with factory default or missing telnet credentials, this botnet goes deeper, targeting inherent IoT hardware and software vulnerabilities. This makes the potential for recruitment much greater in the current attack, which according to experts has the potential to take down the entire internet. These “thingbots”, as they are called, carry out distributed denial of service (DDoS) attacks to similar effect as Mirai, or create the possibility of an anonymity network, which allows anonymous surfing of the internet and prevents network surveillance.

Before panic over the potential damage ensues, know that there are ways to secure IoT devices and prevent them from being recruited as thingbots. The first step is to check if there are available firmware updates for network-connected IoT devices (particularly those from manufacturers listed above), and to verify if your security solutions have picked up on one of the 9 published vulnerabilities being targeted.

Next, a rule of thumb with all IoT devices is to disable the peer-to-peer (P2P) communication mechanism that’s available on many security cameras and DVRs. With P2P enabled, hackers can remotely locate and gain access to vulnerable devices that may not be connected to the internet. In addition, consult with security professionals regarding your IoT security stack – if you aren’t using an IoT visibility and detection solution, now is the time to consider the investment. With IoT botnet attacks proliferating, organizations should do everything in their power to understand and protect their enterprise IoT environment.

Finally, and most importantly, don’t panic. At the moment, we know very little about the intentions, scope and warpath of the IoTroop/Reaper attack, so don’t jump to any conclusions just yet and do not abruptly disconnect connected devices; if those devices are infected, they could cause significant network-wide damage once disconnected, not to mention data loss.

If we thought that Mirai was as bad as IoT botnet attacks could get, it appears that IoTroop/Reaper is here to prove otherwise.

Find out about Portnox’s IoT Security Solutions and start protecting your network from botnet attacks today.

Portnox integrates with Check Point’s ThreatCloud solution to provide complete control and strong security for enterprise network IoT.