Reaper – Calm Before IoT Botnet Attack

December 1, 2017


Last year the world witnessed how some of the world’s top Web sites were taken down by “Mirai”, a zombie malware that hijacked “Internet of Things” (IoT) devices such as wireless routers, digital video recorders and security cameras in parts of the U.S. The attack worked simply by exploiting the weak or default passwords of these devices. Mirai caused a commotion with its record-setting Distributed Denial of Service (DDoS) attack. Now experts are alarmed by the emergence of what appears to be a more powerful IoT threat, known as Reaper.

Reaper is built on part of Mirai’s code but differs from it considerably. It shows some unexpected behavior that makes it harder to judge the real danger the botnet poses. Reaper does not rely solely on guessing the password of the target device; instead it exploits known security flaws in the device's code, compromises the device with a collection of hacking tools, and then spreads further. Some facts that have come to light suggest that the developers are amateurs and do not intend to pose the existential threat that was initially feared. Even so, Reaper's development platform is flexible enough to wage attacks that go beyond mere DDoS.

On Oct. 19, 2017, researchers at the Chinese security firm Qihoo 360 and the Israeli security firm Check Point published detailed information about the new attack, which was named Reaper. They said that the attack could take down the Internet. The most important fact they highlighted was Reaper’s actual size. The malware bundles prominent hacking techniques that affect routers from D-Link, Linksys, and Netgear, along with surveillance cameras sold by companies such as AVTech and Vacron.

The researchers who first published about Reaper said that the attack has affected around 1 million organizations. The researchers from Qihoo 360 said that around 10,000 devices communicate daily with the command and control server that the hackers use to run the botnet. They have also found that millions of devices are queued in the hackers’ code to be loaded automatically into the botnet by their software. If history is any guide, the real price for allowing Reaper to linger and grow is never paid by the owners of the infected devices. Instead, it is paid by the potential targets of the attack, who become victims of those infected devices once the botnet's owner unleashes its full DDoS firepower.

Anyone who suspects that their devices are compromised can check the company’s list of affected gadgets. Analysis of a device's IP traffic can reveal whether it is infected and whether it is communicating with the command-and-control server run by the unknown hacker operating the botnet. If a device is found to be infected, it should be updated; a factory reset of its firmware will also wipe the malware. Reaper does not protect an infected device from being infected by other, competing malware, which makes it easy for Reaper-infected devices to be disinfected.
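The traffic check described above, as an added example that is not part of the original article: it scans flow records for LAN devices that contacted addresses on a C2 watchlist and summarizes each hit. The flow-log format, the function name and the watchlist entries (RFC 5737 documentation addresses used as placeholders, not real Reaper infrastructure) are assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Placeholder indicators from RFC 5737 documentation ranges, NOT real Reaper C2s.
# Replace with addresses (single IPs or CIDR blocks) from a vendor advisory or feed.
C2_WATCHLIST = ["203.0.113.10", "198.51.100.0/28"]

# Constructed flow log for illustration: timestamp,src_ip,dst_ip,dst_port,bytes
SAMPLE_FLOWS = """\
2017-10-25T01:00:02,192.168.1.20,203.0.113.10,8080,412
2017-10-25T01:00:05,192.168.1.31,93.184.216.34,443,15320
2017-10-25T07:10:44,192.168.1.20,203.0.113.10,8080,398
2017-10-25T09:30:00,192.168.1.45,198.51.100.7,23,96
2017-10-25T09:31:10,192.168.1.45,198.51.100.200,80,2210
garbage,not-an-ip,203.0.113.10,80,x
"""

def find_c2_contacts(flow_text, watchlist):
    """Return {device_ip: summary} for LAN devices that contacted a watchlist address."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in watchlist]
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "dests": set(),
                                "first": None, "last": None})
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5:
            continue  # wrong field count
        ts, src, dst, _port, nbytes = row
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            size = int(nbytes)
        except ValueError:
            continue  # malformed address or byte count
        # Only outbound flows from internal devices to a watchlisted destination.
        if not src_ip.is_private or not any(dst_ip in net for net in nets):
            continue
        h = hits[src]
        h["flows"] += 1
        h["bytes"] += size
        h["dests"].add(dst)
        # ISO 8601 timestamps in one timezone sort correctly as strings.
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
    return dict(hits)

if __name__ == "__main__":
    for device, h in sorted(find_c2_contacts(SAMPLE_FLOWS, C2_WATCHLIST).items()):
        print(device, h["flows"], "flows,", h["bytes"], "bytes,", h["first"], "->", h["last"])
```

A device that appears in the result should be isolated, updated and factory reset as described above, then monitored to confirm the contacts stop.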

In the case of Reaper, the millions of machines could be a serious threat. Reaper has not shown any signs of DDoS activity so far, but the malware includes a Lua-based software component that allows new code to be loaded onto the compromised machines. This means it could begin weaponizing its hijacked routers and cameras at any time. Reaper has the potential to turn into a volatile mechanism, and its developers have shown an inclination to build on its existing arsenal of exploits.

After reading so much about the Reaper botnet, I concluded that this is just a beginning, and that it was already anticipated when the NSA tools were leaked by the Shadow Brokers and the Mirai botnet made its debut. The only thing we can do is wait for a new attack with a tool that is more bolstered than the previous one. Meanwhile, small-scale companies need to increase their technical workforce, because whenever there is an attack these cheap IoT devices are the most vulnerable, and they do not receive any security patch to fix that vulnerability. Most people face problems because, after installing these devices, whether they are from an expensive company or a cheap one, they do not bother to change the login credentials and keep them at the defaults, which makes it easier for a hacker to compromise those devices and use them as he likes to fulfil his motives.
