Eight days have passed since researchers first warned of a new, potentially Internet-paralyzing botnet made up of cameras, routers, and other so-called Internet-of-things devices. There are good reasons for concern that Reaper, as the botnet has been dubbed, could pose as big a threat as Mirai, the mass IoT infection that last year caused chaos with record-setting distributed denial-of-service attacks.
The more nuanced reality is that Reaper exhibits some unusual behavior that makes it impossible to assess the real danger the botnet presents. Some facts that have come to light over the past few days strongly suggest its developers are amateurs and don’t pose the existential Internet threat initially thought, particularly when comparing Reaper to another established IoT botnet that has gone largely ignored for more than a year. Then again, Reaper exhibits other attributes that give it an advantage over other botnets. Chief among them is an infection mechanism unlike any seen before in an IoT botnet. Another advantage is that Reaper’s development platform is flexible enough to wage a suite of attacks that go well beyond mere DDoSes. With a few improvements and a few lucky breaks, Reaper could prove to be a real menace.
Sizing it up
The most important fact to emerge is Reaper’s true size. Researchers from security firm Check Point, who were the first to publicly report the botnet, stunned their peers when they said it had infected an estimated 1 million organizations. That would dwarf just about every botnet—IoT or otherwise—seen to date, including Mirai, which was estimated to have infected anywhere from 145,000 to 230,000 devices.