Why IoTroop / Reaper Remains a Persistent Threat

In 2016, the Mirai botnet temporarily crippled significant portions of the internet by taking control of millions of connected devices to participate in massive Distributed Denial of Service (DDoS) attacks.

In late 2017, researchers at Check Point Research discovered new malware that internally reuses large chunks of code from Mirai; they named it IoTroop. Although it may feel wrong to call any malware "improved" over its predecessors, IoTroop certainly looks like it can pack even more of a wallop than Mirai.

Like Mirai, IoTroop is designed to create a global botnet from IoT devices. More insidiously than Mirai, though, IoTroop uses infected IoT devices to search for and infect other devices -- which means that once it gains a foothold inside a network, it can (and almost certainly will) rapidly spread itself to many other connected devices. Arguably even worse, IoTroop isn't useful only for building a botnet. Once a device is infected, it sits and waits for its command-and-control server to send it code to execute. Harnessing it for a DDoS attack is one possibility, certainly, but anything a hacker can dream up and code is a potential payload for IoTroop-infected devices. The reality is that researchers still do not know the intended use of IoTroop, and likely will not know until payloads are delivered by its operators and detected by researchers.

The scale of the threat posed by IoTroop matches its scope: because IoTroop spreads itself, it grows exponentially. It is currently known that devices from at least twelve manufacturers are vulnerable, including names you'll recognize: D-Link, NETGEAR, and Linksys are just the tip of the iceberg. Indeed, the list of devices it has already infected is large enough that the Check Point researchers have found it in approximately 60% of corporate networks.

The threat is real. But what can be done? Two common-sense steps offer some protection.

Two Steps to Protect Against IoTroop

  1. First, ensure that the firmware is up to date on all of your connected devices. Device manufacturers release firmware updates in response to threats like IoTroop once they're known and researchers have published the actual attack mechanisms. But all the firmware updates in the world won't help secure your network and devices if you don't download and install them.
  2. Second, be sure that the default admin credentials (username and password) have been changed on all of your connected devices. It's a surprisingly easy safeguard, but one surprisingly often left undone by device owners and network managers. IoTroop uses a variety of attack mechanisms, so this step alone is unlikely to afford complete protection without the aforementioned firmware updates, but remember: all the firmware updates in the world won't protect you if hackers can simply log in to your devices with default credentials.
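The two steps above are easy to state and easy to lose track of across dozens of devices. The script below is an added example, not code from Wireless Watchdogs or Check Point, showing how a defender can audit a device inventory for both controls at once: it compares each device's firmware against the vendor's latest known release and checks whether the configured admin password still hashes to the factory default. The vendor baseline, model names, and all device records are constructed placeholders; in practice the baseline would be filled from manufacturer advisories and the password hashes from your configuration store. Note that versions are compared numerically, because a plain string comparison would wrongly rank "2.9.3" above "2.10.0".

```python
"""Audit a constructed IoT inventory for the two controls the post recommends:
current firmware and non-default admin credentials. Hypothetical example code."""
import hashlib
from dataclasses import dataclass


def _h(s: str) -> str:
    """SHA-256 hex digest, used here only to compare passwords without storing them."""
    return hashlib.sha256(s.encode()).hexdigest()


# Constructed vendor baseline (placeholder models and passwords, not real products):
# the latest known firmware per model and the hash of the factory-set admin password.
BASELINE = {
    "ACME-RTR-100": {"latest_firmware": "2.10.0", "default_admin_hash": _h("factory-pass-100")},
    "ACME-CAM-7":   {"latest_firmware": "1.0.9",  "default_admin_hash": _h("factory-pass-cam")},
}


@dataclass
class Device:
    device_id: str
    model: str
    firmware: str
    admin_password_hash: str  # hash of the currently configured admin password


def parse_version(v: str) -> tuple:
    """Turn '2.10.0' into (2, 10, 0) so releases compare numerically, not lexically."""
    return tuple(int(part) for part in v.split("."))


def audit_device(dev: Device, baseline=BASELINE) -> list:
    """Return (device_id, issue) findings for one device; empty list means compliant."""
    findings = []
    base = baseline.get(dev.model)
    if base is None:
        # A device with no baseline cannot be verified, which is itself a finding.
        findings.append((dev.device_id, "unknown model: no firmware/credential baseline"))
        return findings
    if parse_version(dev.firmware) < parse_version(base["latest_firmware"]):
        findings.append((dev.device_id,
                         f"firmware {dev.firmware} behind latest {base['latest_firmware']}"))
    if dev.admin_password_hash == base["default_admin_hash"]:
        findings.append((dev.device_id, "admin credentials still at factory default"))
    return findings


def audit_inventory(devices, baseline=BASELINE) -> list:
    """Audit every device and concatenate the findings."""
    out = []
    for dev in devices:
        out.extend(audit_device(dev, baseline))
    return out


# Constructed sample inventory covering the compliant case, both failures, and an unknown model.
INVENTORY = [
    Device("rtr-01", "ACME-RTR-100", "2.10.0", _h("Correct Horse Battery")),  # compliant
    Device("rtr-02", "ACME-RTR-100", "2.9.3",  _h("factory-pass-100")),       # old firmware + default creds
    Device("cam-01", "ACME-CAM-7",   "1.0.9",  _h("factory-pass-cam")),       # default creds only
    Device("tv-01",  "ACME-TV",      "9.9",    _h("something-else")),         # no baseline
]

if __name__ == "__main__":
    for device_id, issue in audit_inventory(INVENTORY):
        print(f"{device_id}: {issue}")
```

Running the script lists one line per finding; a device that produces no lines has both controls in place. Replacing the constructed `BASELINE` with real vendor data and feeding the real inventory turns this into a recurring compliance check rather than a one-off reminder.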

As mentioned, these are common-sense steps that device owners and IT managers can take for themselves. And although Wireless Watchdogs can (and does) help manage this kind of device security at scale for businesses and agencies with networks of connected devices, we think it's important to have this information and these simple steps out there for everyone to make use of.

Because even though device security is part of our business, in the final analysis security is everyone's business.

Interested in automating your mobile security? Talk with us about mobile device management today.

