Skip to main content

Cyber Security Alert: Should You Fear the Reaper?

By: Mohammed Al-Moneer, Regional Director, MENA at A10 Networks

Move over Mirai. There’s a new monstrous botnet in town.

The newly-discovered botnet, dubbed “Reaper” or “IoTroop,” appears to be a more powerful strain of Internet of Things (IoT) attack malware than Mirai, the previous holder of the IoT botnet crown.

And while Reaper hasn’t yet to launch an attack, security researchers warn that it may only be a matter of time.

Researches from Check Point announced their discovery of Reaper on Oct. 19, claiming that it may have already infected “an estimated million organizations” and could potentially “take down the internet.”  The new malware, Check Point wrote, is “evolving and recruiting IoT devices at a far greater pace and with more potential damage than the Mirai botnet of 2016.”

Where Mirai used factory-default or hard-coded usernames and passwords to infiltrate and eventually take control of IoT devices, Reaper exploits known security vulnerabilities across IoT devices makers, such as AVTECH, D-Link, Netgear, Linksys and more, according to KrebsonSecurity. Netlab 360 listed the vulnerabilities Reaper exploits in a blog post.

The Reaper worm is designed to spread from one infected device to another.

Infiltrating IoT

What makes Reaper and other IoT-based attacks particularly scary before is their breadth and sophistication. For example, IoT attacks don’t rely on spoofing to create wide attacks, instead, they are real endpoints with real IP addresses, making it more difficult to block each individual device that is sending attack traffic. Additionally, IoT attacks are widely distributed globally and each IP has to be treated differently – an organization can’t just block a network segment or a country’s IP range to defend against it.

And IoT attacks can have wider breath of attacking capabilities than traditional attack strategies. For example, previous huge volume attacks used reflection (such as DNS or NTP) to create volume, meaning thousands of open resolvers (DNS reflection case) would be tricked into generating a huge traffic load. IoT attacks, on the other hand, have a vast swath; millions of IoT devices can each generate individual traffic that can swell into gargantuan attacks – think of it as a wake building into a tidal wave.

And while there have been no confirmed reports of Reaper being used to carry out an attack, the potential for DDoS attacks looms, especially considering that Mirai was used to launch some of largest DDoS attacks on record, including attacks up to and exceeding 1 Tbps.

“It is too early to guess the intentions of the threat actors behind it, but with previous Botnet DDoS attacks essentially taking down the Internet, it is vital that organizations make proper preparations and defense mechanisms are put in place before an attack strikes,” Check Point wrote.

Protect Yourself

Should Reaper take the same track as Mirai and be leveraged to launch IoT-fueled DDoS attacks, it’s important to be protected.

High-performance DDoS detection and mitigation are must-haves in the battle against IoT botnets and the sophisticated multi-vector DDoS attacks they power. Organizations need swift, surgical detection and rapid mitigation to ensure services aren’t disrupted and that legitimate traffic can still get through during wartime.

It is imperative for DDoS defense solutions to understand traffic patterns and behaviors to block anomalous traffic while allowing real user traffic to continue to pass through. Identifying and analyzing threats quickly is also necessary.

And for additional real-time protection, organizations should implement a hybrid DDoS protection model that combines the power of on-premise DDoS defense with cloud capabilities to combat high-volume DDoS attacks.

Update IoT Devices

Another preventative measure is to update your devices. Updating IoT devices with new code and turning off features that involve WAN-based administration can help protect devices from Reaper, should it become active.

While Mirai was primed with a list of default usernames and passwords of devices throughout the internet, Reaper uses a set of exploits seen in various devices, meaning that without any knowledge of a username or password, someone may be able to get in by leveraging one of these exploits.

Failing to update devices and turn off WAN-style features could leave your admin password exposed, regardless of how complex it is.

Popular posts from this blog

Cloud Computing powering India’s priority of ‘Digital-first country’

By: Sunil Mahale, India MD and VP, Nutanix
Digital transformation has been recognized as being vital to the growth of our nation. This transformation has enjoyed the unanimous approval and contribution from all stake holders including enterprises, MSMEs, government bodies and citizens. But this level of adoption in a country with a population of over a billion people would need a robust technology base that is capable to collecting and distributing vital data seamlessly.
Digital India envisions creating high speed digital highways, that will impact commerce and create a digital footprint for every individual. Technologies based on mobility, analytics, Internet of things and most importantly, cloud technologies are the building blocks for the digital India missionThere is a growing need to manage huge volumes of data, and making them readily available to public through digital cloud services. Cloud has a pivotal role in enabling this change.
While Data centers have become crucial to th…

Semalt Expert Tells The Reasons Qualitative SEO Services Are Not Cheap

Just like the internet, Search Engine Optimization is constantly changing. Also, it's becoming more difficult to perform a good SEO as soon as Google is continuously improving the algorithm of ranking websites. SEO becomes more complicated so you should expect to pay more for hiring SEO specialists or agencies.
The leading Customer Success Manager of Semalt, Igor Gamanenko explains what factors force SEO services cost increase.
SEO Expertise
SEO has been undergoing the crucial changes and updates over the last 10 years. In the early days of SEO, Google only was caring about the technical aspect of your website, links and keyword metadata to rate you higher. The rating guidelines were quite easy: all you had to do was using some keywords in your metadata and more links than your competitors. This was enough to give you a higher ranking in search engines.
Today, the game has completely changed. Through semantics, Google has a better understanding of internet searches, so it can judg…

RevStart launches its RevItUp Incubation Programme

Underlining its vision of creating a nurturing ecosystem for start-ups to grow in, RevStart, a co-working and incubation centre, has announced the launch of its RevItUp Incubation Programme. The 12-week long programme will be held at RevStart Incubation Centre in Noida from July 1, 2018 onwards. As part of the programme, RevStart will select five high potential start-ups from the ed-tech sector, AI, Consumer Internet, Sustainability, as well as for-profit social impact companies to assist them with developing their business, along with connecting them to global mentors across industries and sectors. In addition, start-ups selected for the programme will receive INR 5 lakh to Rs. 25 lakhs worth of cash and benefits, while RevStart will get an equity stake in the ventures.
The RevItUp Incubation Programme has been created to enhance the founding team’s industry, product, and company building knowledge and capabilities through a world-class curriculum. The programme will focus on tailor…