The Mirai botnet’s massive DDoS attacks are still firmly lodged in the memory of IoT manufacturers. But fear is already growing over the next one to hit. IoT Reaper – recently discovered by researchers at Netlab 360 and Check Point research firms – is based on the Mirai botnet code. It is estimated to have infected 28,000 devices, and another 2 million are vulnerable to attack. Although the botnet seems to be smaller and less dangerous than first estimated, both enterprises and device manufacturers should think about their strategies to fight such threats. One thing is for sure: This one won’t be the last one.
IoT botnets consist of Internet-connected devices that have been infected by the same malware and are controlled by a threat actor from a remote location. IoT Reaper infects devices with malware, effectively hijacking each device so that it is available whenever the botnet controller is ready to issue commands.
How does IoT Reaper exploit devices?
IoT Reaper targets nine specific firmware vulnerabilities affecting home routers, cameras and video recorders. The malware is still being revised and updated, and new vulnerabilities could be added at any time. Patches are available for most of these vulnerabilities, but unfortunately many consumers and enterprises never take the necessary steps to patch IoT devices.
What can device owners do?
Enterprises and consumers alike should manage security of connected devices closely and keep them up to date and protected:
- Don’t use default username/password combinations
- Question the necessity of connecting a device to the Internet
- Check frequently for patches and updates and keep software and firmware on your devices up to date
Suppliers can make it easier!
Most devices remain unpatched because users don’t know that an update is available. And only a small group of users – consumers and enterprises alike – go through the effort of checking for available software/firmware updates frequently enough. Suppliers that know which customers are using which software version on which device can utilize their software monetization back office to notify users of vulnerable devices immediately. It is also possible to connect devices to a software/firmware update solution so that devices can request new updates automatically when they are connected.
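The supplier-side check described above, as an added example that is not code from any vendor product: it matches a device inventory against an advisory feed to decide which customers to notify. The inventory, model names, advisory ids and versions are all constructed placeholders, and the record layout is an assumption.

```python
# Added example: all records below are constructed sample data.
from dataclasses import dataclass

def parse_version(text):
    """Turn '2.10.1' into (2, 10, 1); return None if it is not dotted-numeric."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except (AttributeError, ValueError):
        return None

@dataclass
class Device:
    customer: str
    model: str
    firmware: str  # version last reported by the device; may be missing or malformed

# Hypothetical advisory feed: model -> (advisory id, first fixed firmware version)
ADVISORIES = {
    "cam-x1": ("ADVISORY-PLACEHOLDER-1", "2.10.0"),
    "router-r5": ("ADVISORY-PLACEHOLDER-2", "1.4.3"),
}

def devices_to_notify(inventory, advisories=ADVISORIES):
    """Return (customer, model, advisory, reason) for every device needing an update."""
    findings = []
    for dev in inventory:
        if dev.model not in advisories:
            continue
        advisory, fixed_in = advisories[dev.model]
        current, fixed = parse_version(dev.firmware), parse_version(fixed_in)
        if current is None:
            # Unknown version: flag it rather than assume it is patched.
            findings.append((dev.customer, dev.model, advisory, "version unknown"))
        elif current < fixed:
            findings.append((dev.customer, dev.model, advisory, f"update to {fixed_in}"))
    return findings

INVENTORY = [
    Device("acme", "cam-x1", "2.9.4"),      # vulnerable; a string compare would miss this
    Device("acme", "cam-x1", "2.10.0"),     # already patched
    Device("globex", "router-r5", ""),      # never reported a version
    Device("initech", "nvr-n2", "3.0.0"),   # no advisory for this model
]

if __name__ == "__main__":
    for finding in devices_to_notify(INVENTORY):
        print(finding)
```

Versions are compared as integer tuples because a plain string comparison would rank 2.9.4 above 2.10.0 and leave that device unflagged.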
Patch vulnerable software and stay in control
Ultimately, Reaper and other botnets exploit available security holes to infect devices. Open source security vulnerabilities in IoT firmware are another easy target. Device manufacturers should continuously track and manage open source usage in their firmware. And they should have processes and tools in place that will alert them to high-risk vulnerabilities in the open source or third-party components they use. Close the risk window as soon as possible to keep your devices and customers out of trouble.