Reaper Botnet Could Lead To Large-Scale DDoS Attacks


The interconnectivity of cyberspace has always been a blessing and a curse. The proliferation of devices and machines that are connected throughout the World Wide Web has left open extreme vulnerabilities that hackers have become increasingly adept at capitalizing on.

The most dangerous and commonly implemented tactic that harnesses the Internet of Things, i.e. network devices with online access, is the notorious Distributed Denial of Service (DDoS) attack. In this type of attack, hackers infiltrate a large number of devices, not for the purposes of accessing information contained on them, but rather to combine them into a DDoS weapon, which sends simultaneous requests to a target site. The server, unable to handle the flood of data, is rendered inoperable and is effectively shut down.

Last year, the world witnessed the devastating effects of the Mirai botnet attack, which harnessed some 100,000 devices to attack the servers of Dyn, a company that controls much of the internet’s domain name system (DNS) infrastructure used in North America. The botnet was able to deliver over one terabyte of data per second to its intended target. Mirai was preceded by another colossal attack on the French hosting company OVH that also neared the one terabyte per second rate.

With data streams of this volume being harnessed for cyber attacks, it became doubtful if standard security tools, such as firewalls designed to divert malicious requests, could keep up with hackers. Many industry players started to respond to threats with innovative solutions. Google, for instance, released its Google Shield service, a technology which “spreads out” the requests of a DDoS over a wide webpage infrastructure which absorbs the torrent of pings. Google currently only offers the service to qualifying sites.  

The latest sign of the growing DDoS threat came from researchers at 360 Netlab, who identified the spread of botnet malware targeting IoT (Internet of Things) devices. According to the report, the malware, dubbed “IoT_reaper,” has been tracked for some time now using the virus' code markers. The 360 Netlab researchers claim the IoT_reaper is gleaning 10,000 devices per day, an alarming rate considering that the infamous Mirai utilized only 100,000. With a botnet army of that size, it is questionable if even the powerful Google Shield would be able to stand up to attack.

What stands at the root of this threat is a lack of security practices amongst users who own and operate IoT devices.

This growing risk highlights the need for the industry to figure out some way to spread the implementation of security protocols for IoT devices. Common security practices need to become more commonplace within the community of users. It is difficult, however, to determine who or what will be the impetus for such a shift. We can’t exactly rely on millions of individuals to take on best practices overnight. Hopefully, it will not take a massive cyber incident to scare the world straight. A more likely scenario is a top-down phenomenon where manufacturers become more involved in the continued maintenance of their customers’ device security over the long term. Many companies such as Apple regularly provide their clients with updates and patches, meaning that these users are essentially using supported device software. It is very possible, especially in light of the current trends on Capitol Hill regarding cyber legislation, that governments can become a major factor in making best practices for devices more common by enforcing them through laws.

Either way, the danger our IoT interconnectivity presents will continue to become more and more disruptive. Reactions to whatever cyber incidents may occur, by the public, government, or the tech industry, will determine how secure the IoT stays in the long term.