New IoT botnet 'Reaper' wreaks havoc

NOVI, Mich. - Oct. 27, 2017 - PRLog -- 'Reaper', a new IoT botnet expected to be more destructive than Mirai, is spreading worldwide and could target corporates from various industries globally. It shares similar features like Mirai but is capable to exploit certain device vulnerabilities related to the internet connection. Reaper is basically an evolution of Mirai that can cause severe chaos on the Internet. It is quietly growing for over a month now and proliferating among multiple devices connected to million ones.

The main difference between Mirai and Reaper is that Mirai tries to connect devices through telnet protocol with the help of default/ weak passwords and take control. On the contrary, Reaper looks for using exploitations on unpatched devices and takes control of the platform. To be precise, it can keep on growing and connect to all types of criminal activities.

It is said that Reaper has already incarcerated thousands of IoT devices including routers, IP cameras etc. These devices are from firms like D-Link, TP-Link, Netgear, Linksys etc. Now, this botnet is spreading rapidly and could soon threaten more devices similar to that of Mirai botnet.

In order to take preventive measures, simple password up-gradations might not be sufficient though it is highly recommended. Organizations and individuals should ensure that all devices connected to the internet are running the latest firmware versions with security patches included.

Keeping that in mind, it is necessary to be ready for the worst possibilities. The motif of the criminals is still unknown like whether they are doing it for financial gain or spoil any specific brand name. To protect organizations from any data breach or other cyber threats, organizations must segregate information according to critical state and needs to be available anytime, anywhere. In short, security can be built in and around the key areas with a contingency plan.

IOCs of IOT Reaper:

Hash  Detection by eScan
704098c8a8a6641a04d25af7406088e1  Backdoor.Linux.IoTReaper.B
6f91694106bb6d5aaa7a7eac841141d9  Backdoor.Linux.IoTReaper.A

Prevention:

Several measures can be taken to keep botnet attacks at bay. These measures mainly focus on preventing malware infections.

·         Monitoring Network: The performance of Network should be monitored regularly to check for any suspicious behavior.

·         Software patches: All the software needs to be updated with the latest security patches.

·         Vigilance: The users should be trained to stay away from insecure activities that can put them at risk of botnet attacks. These include the opening of phishing emails, downloading attachments or clicking links from unknown sources etc.

·         Anti-Botnet tools: Anti-botnet tools facilitate detection of botnets before any infection occurs. Firewalls and antivirus software include basic tools for detection, prevention and removal of botnets.

Removal:

Removal of Botnets can go beyond removing the same from an infected machine. It often requires shutting down of the C&C server that controls the botnet. It is normally done when an organization is planning to cease an entire botnet rather than healing the infection. For example, Microsoft's campaign against 'Zeus' botnet was one of the popular botnet removal incidents.

About eScan:

eScan is an ISO (27001) certified pure-play enterprise security solution company with over 2 decades of expertise in developing IT security solutions. eScan today has a presence in 12 countries through its offices and subsidiaries. It also boasts of a robust channel partner network of more than 50, 000 partners spread across 190 countries worldwide. It is trusted by more than 6,500 enterprise and corporate users spread across various industry segments such as Government, BFSI, Education, Defense, Telecom, IT & ITeS, Infrastructure, Hospitality, and Healthcare worldwide.

It is powered by some of the latest and innovative technologies, such as Proactive Behavioral Analysis Engine (PBAE) Technology, MicroWorld Winsock Layer (MWL) Technology, Domain & IP Reputation Check (DIRC) Technology, Non-Intrusive Learning Pattern (NILP) Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provide protection from current threats, but also provides proactive protection against the ever-evolving cyber threats. eScan provides 24x7 free remote support facility to help its esteemed users to provide real-time solutions for security-related issues.

For more information, visit www.escanav.com