New IoT botnet 'Reaper' wreaks havoc
By: MicroWorld Technologies Inc.
The main difference between Mirai and Reaper is that Mirai tries to connect to devices over the telnet protocol using default or weak passwords and take control. Reaper, by contrast, exploits vulnerabilities in unpatched devices to take control of the platform. To be precise, it can keep on growing and be put to use in all types of criminal activities.
It is said that Reaper has already captured thousands of IoT devices, including routers, IP cameras etc. These devices are from firms like D-Link, TP-Link, Netgear, Linksys etc. Now, this botnet is spreading rapidly and could soon threaten more devices, similar to the Mirai botnet.
As a preventive measure, simply upgrading passwords might not be sufficient, though it is highly recommended. Organizations and individuals should ensure that all devices connected to the internet are running the latest firmware versions with security patches included.
Keeping that in mind, it is necessary to be ready for the worst possibilities. The motive of the criminals is still unknown, such as whether they are doing it for financial gain or to spoil a specific brand name. To protect against any data breach or other cyber threats, organizations must segregate information according to how critical it is and how readily it needs to be available anytime, anywhere. In short, security can be built in and around the key areas with a contingency plan.
IOCs of IOT Reaper:
Hash Detection by eScan
Several measures can be taken to keep botnet attacks at bay. These measures mainly focus on preventing malware infections.
· Monitoring Network: The performance of the network should be monitored regularly to check for any suspicious behavior.
· Software patches: All software needs to be updated with the latest security patches.
· Vigilance: Users should be trained to stay away from insecure activities that can put them at risk of botnet attacks. These include opening phishing emails, downloading attachments or clicking links from unknown sources etc.
· Anti-Botnet tools: Anti-botnet tools facilitate detection of botnets before any infection occurs. Firewalls and antivirus software include basic tools for detection, prevention and removal of botnets.
Removal of botnets can go beyond removing the malware from an infected machine. It often requires shutting down the C&C server that controls the botnet. This is normally done when an organization is planning to take down an entire botnet rather than heal the infection. For example, Microsoft's campaign against the 'Zeus' botnet was one of the popular botnet removal incidents.
eScan is an ISO (27001) certified pure-play enterprise security solution company with over 2 decades of expertise in developing IT security solutions. eScan today has a presence in 12 countries through its offices and subsidiaries. It also boasts a robust channel partner network of more than 50,000 partners spread across 190 countries worldwide. It is trusted by more than 6,500 enterprise and corporate users spread across various industry segments such as Government, BFSI, Education, Defense, Telecom, IT & ITeS, Infrastructure, Hospitality, and Healthcare worldwide.
It is powered by some of the latest and innovative technologies, such as Proactive Behavioral Analysis Engine (PBAE) Technology, MicroWorld Winsock Layer (MWL) Technology, Domain & IP Reputation Check (DIRC) Technology, Non-Intrusive Learning Pattern (NILP) Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provide protection from current threats, but also provide proactive protection against the ever-evolving cyber threats. eScan provides a 24x7 free remote support facility to give its esteemed users real-time solutions for security-related issues.
For more information, visit www.escanav.com