China cyberspace
A potential cyberattack using IoT Reaper could hit computers worldwide iStock

On 20 October, IBTimes UK reported that researchers from two separate cybersecurity companies, Check Point and Netlab360, had published evidence that a new bot network of enslaved devices was formulating what could be used by hackers to "take down the internet".

The newly-discovered botnet has been christened 'IoT Reaper' and is said to be expanding at a rapid pace, using unpatched vulnerabilities to infect at least a million devices. Here is everything you need to know about the latest cybersecurity threat causing concern across the globe.

What is it and when was it found?

The Reaper botnet is a network of Internet of Things (IoT) devices – mainly web-connected cameras and routers – hijacked using unpatched vulnerabilities. It borrowed codes from the Mirai botnet, used in 2016 to take chunks of the internet offline in the US.

Both cybersecurity companies found the botnet independently of each other in September this year.

How many devices are infected?

It is estimated that millions of IoT products have already been affected by Reaper, with infections spotted across the globe. Netlab360 said that one queue of devices waiting to be infected included more than two million targets.

Which companies have been affected?

Research suggested that at least nine bugs were being exploited to target devices produced by DLink, GoAhead, JAWS, Netgear, Vacron, Linksys and AVTECH. It appeared the author of the botnet was still tinkering with its code, so more infected companies may soon emerge.

Who is the culprit behind the botnet swarm?

The culprit behind the operation remains a mystery. "It is too early to assess the intentions of the threat actors behind it," Check Point researchers said in their report.

What type of attacks could be launched?

While none have been reported so far, the IoT botnet, like Mirai, could be used to launch distributed denial of service (DDoS) cyberattacks. Typically, such attacks use the collective power of hijacked devices to send waves of traffic towards a website in order to take it offline.

Is this really such a big deal?

According to Check Point, the botnet could result in a "cyber-hurricane" that could take down the internet and warned that "we are now experiencing the calm before an even more powerful storm".

Netlab360 was more nuanced, but said that the discovery "deserves our vigilance".

How can people stay safe from attacks?

"A simple password upgrade is not sufficient to protect against the botnet, but is still highly recommended on all devices connected to the internet," explained Tristan Liverpool, director of systems engineering at cybersecurity company F5 Networks.

"To stop the propagation of this botnet, all companies and consumers should ensure all their devices are running the latest firmware versions, which will have security patches included."

What happens next?

Now we let the experts do their jobs – vendors will push out fixes for any unresolved issues and researchers will continue to analyse the botnet's reach. It appears to be growing. "This is an entirely new campaign rapidly spreading throughout the globe," Check Point's team warned.

Research: Netlab360 research, Check Point research

Keyboard typing
Those behind IoT Reaper remain unknown iStock