
Reaper IoT botnet small but still dangerous, security experts warn

30 Oct 2017

Check Point, Arbor Networks’ Security Engineering & Response Team (ASERT) and researchers from Qihoo 360 Netlab have raised the alarm about a suspected botnet.

Dubbed IoTroop by Check Point and Reaper IoT by ASERT, the botnet has affected organisations around the globe.

However, Check Point’s figures may be incorrect. According to ASERT’s findings, the Reaper botnet has between 10,000 and 20,000 bots in total, though that number fluctuates. The botnet has also been scanning millions of potential victims to recruit into its network, but many of those candidate nodes have not actually been compromised.

“At this time, it is not clear why these candidate bots have not been co-opted into the botnet. Possible explanations include: misidentification due to flaws in the scanning code, scalability/performance issues in the Reaper code injection infrastructure, or a deliberate decision by the Reaper botmasters to throttle back the propagation mechanism,” ASERT researchers say.

360 Netlab researchers also note that the number of unique active IP addresses in the botnet is more than 10,000 per day – and it is still in the early stages of growth.

“While Reaper is capable of launching SYN-floods, ACK-floods, http floods, and DNS reflection/amplification attacks, it is likely to have other, yet-to-be-determined DDoS attack capabilities, as well,” ASERT continues.

ASERT says that Reaper is probably serving the DDoS-as-a-Service market in China, and appears to come from the Chinese criminal underground.

The malware creator has also mimicked code from the notorious Mirai botnet, but it is not the same. It is unable to crack passwords and instead goes after vulnerabilities in IoT devices; and its scan behaviour is rather mild to avoid detection, Netlab researchers explain.

Netlab supports Check Point’s classification of affected devices, which include D-Link, TP-Link, Linksys, NETGEAR, AVTECH, MikroTik, Synology and GoAhead. In addition, Vacron and other DVRs have also been added to the list.

“In the last 10 days, the attacker has continuously added more new exploits into samples, one of which is adopted only 2 days after the disclosure of the vulnerability was made,” Netlab researchers say.

They also note that while DDoS support has been encoded in the malware, there is no evidence of a DDoS attack so far.

“The only instructions we saw are to download samples. This means the attacker is still focusing on spreading the botnets,” they explain.

Check Point researchers warned that ‘the next cyber hurricane’ is about to arrive.

“It is too early to guess the intentions of the threat actors behind it, but with previous Botnet DDoS attacks essentially taking down the Internet, it is vital that organizations make proper preparations and defense mechanisms are put in place before an attack strikes.”
