Don’t Wait for Reaper to Get Big

The Internet of Things has long passed the stage where many thought of it as a “fad,” “buzzword” or “trend.” Smart devices are here to stay, and cybercriminals have started to adapt their business to include any connected gadget that is vulnerable.

With its size currently oscillating somewhere between 10,000 and 20,000 bots, the so-called Reaper botnet that made the rounds recently is not a big threat at the moment, but its prospects are worrying: two million likely hosts acting as a unit, under a single manager.

Reaper, also known as IOTroop, shares some code with the infamous Mirai, the botnet that took the world by surprise last year when it launched a distributed denial-of-service (DDoS) attack on DNS service provider Dyn. However, researchers agree that Reaper is a whole new beast that could put Mirai to shame in terms of size, virality of infection and capacity for destruction.

It also has a more complex spreading mechanism that takes advantage of remote code execution bugs in video surveillance equipment (IP cameras, network video recorders (NVRs) and digital video recorders (DVRs)) and in routers. Because these exploits bypass authentication entirely, a strong password is no protection if the vulnerable device is reachable over the internet. Moreover, the botnet malware has an update mechanism that could change its purpose and the way it claims new victims.

Reaper grows by scanning the internet for vulnerable devices, identifying them and sending specific exploit code. Arbor Networks’ Security Engineering and Response Team (ASERT), which has kept an eye on Reaper’s activity, says the botnet scanners have identified two million potentially viable candidates. Why have they not joined the ranks already? ASERT has some ideas:

“At this time, it is not clear why these candidate bots have not been co-opted into the botnet. Possible explanations include: misidentification due to flaws in the scanning code, scalability/performance issues in the Reaper code injection infrastructure, or a deliberate decision by the Reaper botmasters to throttle back the propagation mechanism.”

One apparent purpose for Reaper is to act as a for-hire DDoS service for whoever wants a competitor knocked offline, a theory shared by ASERT. Yet it could also be adjusted to other activities, such as sending spam or providing anonymous communication nodes. The botmaster can also fragment it to accommodate the needs of multiple customers.

The army of smart devices already under Reaper’s control has not yet revealed its purpose. Users should apply the latest firmware releases for their IoT products as soon as they become available, and should avoid exposing device management interfaces directly to the internet. Bitdefender Home Scanner can help identify the systems on the network that have known security issues, narrowing your search for updates.

Credit: Geralt / Pixabay

One comment

  • By Rob

    Still waiting for Box to be made available in the UK. Any news on a release date?
