GDT Webinar Series – How to Fail at Security? Reserve Your Spot
Contact

REAPER BOTNET: EXECUTE ORDER 66

  • Marissa Gaudet
  • November 2, 2017

by Moe Janmohammad via ScienceMoez.com

Almost exactly a year after the Mirai Botnet took down half of the internet, a new IoT botnet is building itself to launch an even more disruptive attack. On October 19th, CheckPoint announced they’ve started tracking a new botnet, named “Reaper”, which had already found its way into over 1 million organizations.

Unlike Mirai, which downloaded itself onto IoT devices using the default passwords, Reaper uses at least 9 known exploits to compromise the devices. Currently affected manufacturers include AVTECH, NetGear, Linksys, and D-Link, among others.
Both Mirai and Reaper are worms, which means they spread automatically from one device to another, so their calls back to a command and control server can be few and far between. Mirai’s scanning is extremely aggressive, often causing an unintentional Denial of Service attack on small home routers its trying to take control of. Reaper is different in that its’ scans are much less aggressive, and spreads very deliberately. This allows it to add devices to the botnet more stealthily and fly under the radar of security operations personnel looking for suspicious activity.

Hindsight is 20-20

Looking back at the 2016 Mirai attacks, researchers can see all of the telltale signs of an impending attack. Increased communication with unknown IPs, sudden processor usage increase, and unresponsive IoT devices were all signs that could have been used to detect the botnet before it’s attacks on Dyn’s servers. Since Reaper is moving much more slowly, its intentions are harder to guess. We already know that it has enough devices to recreate the 2016 Mirai attacks, with even greater power.
Some theories about the purpose of the Reaper Botnet include a giant distributed proxy network, or Tor endpoints to create more anonymized browsing resources. Some of the signs look like it’s going to mirror the Mirai attack, but other signs are completely new to us. It even lives harmoniously with Mirai on devices that have been compromised by both!

How do I protect my devices?

Almost all of the exploits being used to take over the devices are vulnerabilities discovered in the last 3 months. There is a very good chance that your IoT devices don’t have the updates required to patch those flaws. My advice is to patch often, turn on automatic updates, and check on your devices at least once a week. The Reaper code looks like its being updated, so new vulnerabilities can, and will, be exploited to take over your IoT devices.
For now, all we can do is wait in the calm before the storm.

Author

Share this article

You might also like:

See All

GDT Security VP on Leveraging AI & Machine Learning in Cybersecurity

As the head of GDT’s security practice and an industry veteran, Jeanne Malone and her team help customers worldwide advance their cybersecurity posture. One of the biggest cybersecurity game-changers is artificial intelligence (AI). We asked Jeanne to weigh in on leveraging AI and machine learning in cybersecurity to improve intrusion

Guard Against the “Elite Eight” Cybersecurity Threats of 2024

NCAA basketball coaching legend Bobby Knight once said: “Good basketball always starts with a good defense.” Winning teams understand their opponents’ strengths and weaknesses, as well as their own. They study their opponents’ plays and anticipate their next moves. The same concept is true for cybersecurity, which is why, at

Newly Launched GDT NaaS, Powered by Juniper Offers Modern Approach to Networking

Dallas, Texas, January 31, 2024 – General Datatech (GDT), a leading global IT services provider, has worked with Juniper Networks to launch GDT Network as a Service (NaaS), Powered by Juniper. This modern networking approach simplifies network design, implementation, and management by delivering a flexible, subscription-based option to access the industry’s

Stay up-to-date with the industry

Fill out the form and get started!

GDT needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.

GDT Innovation Campus | 999 Metromedia Place Dallas, TX 75247 | 214.857.6100

Stay up to date

Copyright © 2019-2024 General Datatech, LP. All rights reserved. GDT names and logos are trademarks, or trademarks Reg. U.S. Pat. & TM Office, of General Datatech, LP and/or its affiliates in the U.S. and other countries. Third-party trademarks mentioned or reflected herein are the property of their respective owners. Additionally, the use of the word “partner” does not imply a legal partnership relationship between GDT and any other company.

Connect with us

Copyright © 2019-2024 General Datatech, LP. All rights reserved. GDT names and logos are trademarks, or trademarks Reg. U.S. Pat. & TM Office, of General Datatech, LP and/or its affiliates in the U.S. and other countries. Third-party trademarks mentioned or reflected herein are the property of their respective owners. Additionally, the use of the word “partner” does not imply a legal partnership relationship between GDT and any other company.