Assessing the threat the Reaper botnet poses to the Internet—what we know now

 In Biz & IT, botnets, cameras, DDoS, distributed denial of service, exploits, Internet of Things, IoT, modems, routers, vulnerabilities

Assessing the threat the Reaper botnet poses to the Internet—what we know now

Serving the Technologist for more than a decade. IT news, reviews, and analysis.

(credit: Johnny Ashburn)

Eight days have passed since researchers first warned of a new, potentially Internet-paralyzing botnet made up of cameras, routers, and other so-called Internet-of-things devices. There are good reasons for concern that Reaper, as the botnet has been dubbed, could pose as big a threat as Mirai, the mass IoT infection that last year caused chaos with record-setting distributed denial-of-service attacks.

The more nuanced reality is that Reaper exhibits some unusual behavior that makes it impossible to assess the real danger the botnet presents. Some facts that have come to light over the past few days strongly suggest its developers are amateurs and don’t pose the existential Internet threat initially thought, particularly when comparing Reaper to another established IoT botnet that has gone largely ignored for more than a year. Then again, Reaper exhibits other attributes that give it an advantage over other botnets. Chief among them is an infection mechanism unlike any seen before in an IoT botnet. Another advantage is that Reaper’s development platform is flexible enough to wage a suite of attacks that go well beyond mere DDoSes. With a few improvements and a few lucky breaks, Reaper could prove to be a real menace.

Sizing it up

The most important fact to emerge is Reaper’s true size. Researchers from security firm Check Point, who were the first to publicly report the botnet stunned their peers when they said it had infected an estimated 1 million organizations. That would dwarf just about every botnet—IoT or otherwise—seen to date, including Mirai, which was estimated to have infected anywhere from 145,000 to 230,000 devices.

Read 19 remaining paragraphs | Comments

Whatever the threat posed by the new IoT botnet, a worse one has lurked for months.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt