In brief: « Reaper », yet another IOT botnet!

Date : October 07, 2017

On October 20, 2017, CheckPoint and Qihoo360 announced that they had discovered a new IOT botnet called Reaper (or IoTroop).

Just like Mirai (botnet, which launched massive DDOS attacks in October 2016 against the DNS Dyn service, hosting company OVH and journalist Brian Krebs), Reaper infects poorly-protected connected equipment (typically "small computer equipment" such as Wi-Fi cameras, personal routers, connected home readers, etc.) to form a large botnet. This botnet can then be used to perform other attacks (DDOS, or others). In the case of Reaper, we don't know (yet) what type of attack will be performed, since this botnet was discovered during its construction phase: no large-scale attack has yet been observed.

Reaper made headlines in October because CheckPoint first announced that one million devices would have been infected (compared to 200,000 for Mirai), but this figure was subsequently revised downwards (see this article by Arstechnica.com). Anyway, Reaper is considered more threatening than Mirai:

  • Instead of using default passwords for vulnerable devices, Reaper attacks known vulnerabilities in IOT devices.
  • It is able to quickly integrate new attack programs (as soon as a new vulnerability is discovered).
  • The built up botnet is not limited to DDOS: it can execute any attack script it has previously downloaded. These scripts are written in the LUA language.

We can see it through Reaper, unprotected connected devices (i. e. designed without security or not updated regularly), which are multiplying today with the growth of the IOT, are prime targets for malware. And asking everyone to secure their equipment to avoid attacks on others is often a difficult message to spread. It is therefore likely to be a recurrent problem in the coming years.

 

For more information:

Previous Previous Next Next Print Print