The Gallery: IoTroop Botnet - Reaper Of The Internet

The spiritual successor to the Mirai botnet is now looming inside millions of IoT devices. Will it wreak havoc on the Internet, or can we stop it in its tracks?

Remember Mirai? I don’t blame you if you can’t. A lot has happened since that day in October 2016 when much of the internet crashed as Mirai took down swaths of web servers residing on the East Coast of the United States. Since then, we’ve had WannaCry, NotPetya and the Equifax breach occupy the news and it seems like cyber attacks are becoming commonplace.

Damage Caused By The Mirai Botnet

Ultimately, Mirai crashed much of the internet by creating a botnet out of Linux IoT devices with little or no password protection, such as unprotected IP cameras and home routers. Each of these devices was then used as a bot to request small amounts of bandwidth from target websites. Mirai ultimately enlisted over 100,000 devices, causing the normal traffic load on target servers to exceed capacity by 10 to 20 times and creating the largest DDoS attack ever seen.

This DDoS attack started by going after KrebsOnSecurity, a website created by cybersecurity journalist Brian Krebs. His web servers received botnet traffic as high as 620 Gbps. Other websites saw traffic go as high as 1 Tbps. The botnet took particular aim at Dyn, a DNS service based in New Hampshire, in the end affecting PayPal, Reddit, Netflix, Twitter, and many more popular services.

IoTroop or Reaper Looming On The Horizon

Well, it turns out there is another botnet possibly based on Mirai that is lying dormant and may take a death grip on the Web the likes of which we’ve never seen before. This version of the botnet is called Reaper or IoTroop, and the name is fitting. This botnet is enlisting some 10,000 IoT devices a day as bots and may just give the challenge of taking down the whole internet a run for its money.

What’s interesting is that, unlike Mirai, we know about it before it has been unleashed. Check Point Research, an Israeli security firm, posted about the growing botnet last week. Check Point Research goes into detail about the worm building this botnet, which you can read about here.

In a nutshell, this worm spreads from device to device using known exploits and already resides in millions of devices. IoTroop differs from Mirai in that it does not rely on poor or default passwords protecting devices.

Can We Stop IoTroop Or Is It Too Late?

Security researchers have caught this botnet in its tracks, so there may be time to stop it before it attacks. A good way to think of these botnets is like a ticking time bomb. If you find the bomb in time, experts have a chance to dismantle it. If it goes unnoticed, however, you can expect a messy day for the Internet some time in the future.

It isn’t like these botnets just cause issues with services we use for entertainment and social media. Our world is so wired into web services that when these services get taken down en masse, it can cause issues with critical infrastructure, such as the electrical grid, hospitals, etc.

What you can do now is make sure you patch all your IoT devices and routers. It also appears that simply changing your password on any home-based IoT devices (routers, IP cameras, etc.) will defeat the bot on infected devices. It won’t harm you personally or your hardware, but it will have larger implications if Reaper isn’t thwarted.

By: Greg Mooney, Ipswitch


The Gallery is a forum for ideas and examination of matters facing state and local government. Readers, members of the media, academics or the business community are invited to submit guest columns to bailey{at}civsourceonline{dot}com. Member of the public sector? We’re interested in hearing from you too. CivSource does not endorse the views presented in The Gallery, but offers them in an effort to present more diverse coverage. CivSource will review all submissions but does not guarantee publication of all works submitted.