 |
Source:
https://ukarmedforcescommentary.blogspot.co.uk/2015/10/the-mystery-of-protector.html
|
Pictured is Her Majesty’s Royal Air
Force Remotely Piloted Air System (RPAS) “Reaper”. An impressive
feat of technical and mechanical engineering. A true vision that
entwines human engineering and intuition. A magnificent demonstration
of controlling device hundreds of thousands of miles away to
investigate a threat or direct an attack. The reaper stands ready,
poised to attack, to swing the scythe at any moment – not unlike
the latest Botnet to threaten the Cyber community, also named Reaper.
A Botnet is a collection of Internet
Connected devices or Internet of Things (IoT) devices which have been
infected with malware. In my previous blogs (Securing the IoT), I
mention the IoT and the threats an insecure IoT can bring – Botnets
being an increased threat. Reaper is not the first Botnet and by any
means, it won’t be the last.
The Mirai Botnet made headlines back in
September of 2016 when it deployed a Distributed Denial of Service
(DDoS) attack and took down a well-known security researchers
website. A DDoS attack is when a plethora of IoT devices direct
traffic at one target. The malware scans IoT devices – such as IP
cameras, routers, toasters… and attempts to brute force or guess
the username and password of a device. Alternatively, the malware was
able to spread by the use of external scanners to locate weak
devices, then brute forcing the credentials once more.
If an IoT device has a default username
and password, the malware can then use Telnet to login and install,
turning it into what’s known as a zombie. These zombies are then
used to direct large scales of traffic at a target. The attack which
took down a security researchers website had a flow of traffic which
reached speeds of 620GBps! Later in 2016, internet blackouts were
seen in America and Europe due to DDoS attacks aimed at an Internet
performance management company - Dyn. Dyn is responsible for
providing Domain Naming Services (DNS). For those who are not aware,
when you type in an internet address (www.) into your browser, a DNS
resolves that “human language” into a language machines can
understand – an IP address. In October 2016, a DDoS attack was
launched on Dyn which resulted in DNS requests being unable to be
processed. Traffic directed at Dyn apparently reached speeds of
1.2TBps, all through using the might of Mirai.
Botnet malware does not render IoT
devices unusable though, commonly – unless anti-malware is
installed, a user will have no contemplation that their device is
actually a zombie, their device will – in most cases, continue to
function as normal.
Mirai used to be the weapon of choice
available to Cyber Criminals. They would use Mirai to hold websites
or infrastructure at ransom, denying their services to the public
unless a substantial fee was paid. Alternatively, Mirai has been used
to cause confusion and panic while other malware was employed to
sneak company Intellectual Property out the back door. That is not to
say Mirai is no longer available, it is! But there’s a new Botnet
in town which some security researchers dub to be Mirai’s younger
bigger brother – Reaper.
Reaper no longer relies on brute
forcing an insecure IoT device. Researchers pin the high infection
rate of Reaper on its ability to utilise software hacking techniques.
This malware is not the booting down doors type – like Mirai, it is
the sophisticated targeted lock picker. Reaper apparently has the
ability to use and exploit Common Vulnerability Exposures (CVEs)
within code, enslaving those systems that have not been patched or
securely configured.
Since September
2017, an estimated one million organisations have been scanned but
with an unknown, definitive number of devices infected. Research
suggests 10,000 devices have already been enslaved, with the Reaper
Command and Control (C2) originating in China. The location of course
can be forged but what is known is that the size of the botnet is not
slowing and Reaper is definitely more sophisticated than Mirai. The
fact that Mirai is still useful to Cyber Criminals to effect
successful DDoS attacks, who can tell the level of devastation or
reward for Cyber Criminals this Botnet may reap.
If anything, this new threat does
highlight the importance of patching your devices and changing the
default credentials of your systems within your home and business.
This will go a long way to help securing our IoT to prevent the
spread of this, future and past Botnets.
“You become a changed
person when you face the reaper and deny him your soul”
Martha Sweeney, Amazon
Best Selling Author
No comments:
Post a Comment