Woman at computer with code

A new distributed denial of service attack, emanating from the IoT may be on the cards. Source: Shutterstock

Prepare for an even bigger DDoS attack from infected IoT

Around a year after the Mirai internet of things (IoT) based malware attack that caused massive Internet outages, there’s a new threat (and a possible variant, see below) that’s also attacking IoT, and it may even have effects more devastating than Mirai’s.

The following devices, many of them common, are at risk:

Routers by Dlink (850L, DIR-600 & DIR-300), Linksys and Netgear
Cameras / NVRs by AVTECH, Vacron and JAWS, GoAhead, D-Link, TP-Link, AVTECH, Linksys, and Synology

The new threat has been named as “IoT_reaper” and was first identified in the wild by Chinese cybersecurity firm Qihoo 360 last month. Unlike Mirai, the malware cannot be stopped by changing affected devices’ weak passwords for stronger ones.

Instead, the malware exploits integral vulnerabilities and turns infected devices into parts of a botnet army that’s intended to launch massive distributed denial of service (DDoS) attacks.

It is believed nearly two million devices have already been compromised, and their numbers are growing at around 10,000 each day.

Last year’s Mirai malware only utilized 100,000 devices to effectively take Dyn (owned by Oracle) offline by means of a huge DDoS attack. Twitter, Reddit, GitHub, Netflix, Spotify, and Amazon.com were all temporarily unavailable via their URLs.

“Currently, this botnet is still in its early stages of expansion. But the author is actively modifying the code, which deserves our vigilance.” Qihoo 360 researchers said.

A possible variant on IoT_reaper has been identified: named “IoTroop”, it has probably affected hundreds of thousands of organizations across the globe, according to CheckPoint.

Security experts have noticed that a potential DDoS attack’s effects will be exacerbated as more than 100 DNS open resolvers seem to have already been compromised, making the malware able to use DNS amplification to increase the numbers of attack vectors.

It is not currently known who created the malware or why, but the threat of a massive DDoS attack is imminent. At present, the code is still propagating and compromising unprotected machines.

“It is too early to guess the intentions of the threat actors behind it, but with previous Botnet DDoS attacks essentially taking down the Internet, it is vital that organizations make proper preparations and defense mechanisms are put in place before attack strikes,” researchers said.