
Don’t Wait for Reaper to Get Big

Ionut ILASCU

November 01, 2017


The Internet of Things has long passed the stage where many thought of it as a “fad,” “buzzword” or “trend.” Smart devices are here to stay, and cybercriminals have started to adapt their business to include any connected gadget that is vulnerable.

With its size currently oscillating somewhere between 10,000 and 20,000 bots, the so-called Reaper botnet that made the rounds recently is not a big threat at the moment, but its potential is scary: two million likely hosts acting as a unit, under a single manager.

Reaper, also known as IOTroop, shares some code with the infamous Mirai, the botnet that took the world by surprise last year when it launched a distributed denial-of-service (DDoS) attack on DNS service provider Dyn. However, researchers agree that Reaper is a whole new beast that could put Mirai to shame in terms of size, virality of infection and capacity for destruction.

It also has a more complex spreading mechanism that takes advantage of remote code execution bugs in video surveillance equipment (IP cameras, network video recorders or NVRs, digital video recorders or DVRs) and routers. Because the infection relies on exploiting these bugs, a password is no protection if the device is reachable over the internet. Moreover, the botnet malware has an update mechanism that could change its purpose and the way it claims new victims.

Reaper grows by scanning the internet for vulnerable devices, identifying them and sending specific exploit code. Arbor Networks’ Security Engineering and Response Team (ASERT), which has kept an eye on Reaper’s activity, says the botnet scanners have identified two million potentially viable candidates. Why have they not joined the ranks already? ASERT has some ideas:

“At this time, it is not clear why these candidate bots have not been co-opted into the botnet. Possible explanations include: misidentification due to flaws in the scanning code, scalability/performance issues in the Reaper code injection infrastructure, or a deliberate decision by the Reaper botmasters to throttle back the propagation mechanism.”

One apparent purpose for Reaper is to act as a for-hire DDoS service for whoever wants to knock a rival offline, a theory shared by ASERT. Yet it could also be adapted to other activities, such as sending spam or providing anonymous communication nodes. The botmaster can also split it into smaller segments to accommodate the needs of multiple customers.

The army of smart devices already under Reaper’s control has not yet shown its purpose. Users should apply the latest firmware releases for their IoT products as soon as they become available. Bitdefender Home Scanner can help identify the systems on the network that have known security issues, narrowing your search for updates.

Credit: Geralt / Pixabay
