Monday 11 December 2017

Cyber Criminals set to Reap the benefits of an insecure IoT


Pictured is Her Majesty’s Royal Air Force Remotely Piloted Air System (RPAS) “Reaper”. An impressive feat of technical and mechanical engineering. A true vision that entwines human engineering and intuition. A magnificent demonstration of controlling a device hundreds of thousands of miles away to investigate a threat or direct an attack. The Reaper stands ready, poised to attack, to swing the scythe at any moment – not unlike the latest Botnet to threaten the Cyber community, also named Reaper.

A Botnet is a collection of Internet-connected devices, or Internet of Things (IoT) devices, which have been infected with malware. In my previous blogs (Securing the IoT), I mentioned the IoT and the threats an insecure IoT can bring – Botnets being an increased threat. Reaper is not the first Botnet and by no means will it be the last.

The Mirai Botnet made headlines back in September of 2016 when it deployed a Distributed Denial of Service (DDoS) attack and took down a well-known security researcher’s website. A DDoS attack is when a plethora of IoT devices direct traffic at one target. The malware scans IoT devices – such as IP cameras, routers, toasters… – and attempts to brute force or guess the username and password of a device. Alternatively, the malware was able to spread by using external scanners to locate weak devices and then brute forcing their credentials in the same way.

If an IoT device has a default username and password, the malware can then use Telnet to log in and install itself, turning the device into what’s known as a zombie. These zombies are then used to direct large volumes of traffic at a target. The attack which took down the security researcher’s website had a flow of traffic which reached speeds of 620GBps! Later in 2016, internet blackouts were seen in America and Europe due to DDoS attacks aimed at an Internet performance management company, Dyn. Dyn is responsible for providing Domain Name System (DNS) services. For those who are not aware, when you type an internet address (www.) into your browser, DNS resolves that “human language” into a language machines can understand – an IP address. In October 2016, a DDoS attack was launched on Dyn which left it unable to process DNS requests. Traffic directed at Dyn apparently reached speeds of 1.2TBps, all through using the might of Mirai.
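As an added example (not part of the original post), this is one way a defender could spot the Telnet credential guessing described above in login records, and flag devices where the guessing ended in a successful login. The log format, addresses and thresholds are constructed assumptions, not taken from any real product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical format (not from a real product):
#   <ISO time> telnet src=<ip> dst=<ip> user=<name> result=<FAIL|OK>
SAMPLE_LOG = """\
2017-12-11T09:00:01 telnet src=203.0.113.7 dst=192.168.1.20 user=root result=FAIL
2017-12-11T09:00:02 telnet src=203.0.113.7 dst=192.168.1.20 user=admin result=FAIL
2017-12-11T09:00:03 telnet src=203.0.113.7 dst=192.168.1.20 user=support result=FAIL
2017-12-11T09:00:04 telnet src=203.0.113.7 dst=192.168.1.20 user=admin result=OK
2017-12-11T09:00:05 telnet src=203.0.113.7 dst=192.168.1.30 user=root result=FAIL
2017-12-11T09:00:06 telnet src=203.0.113.7 dst=192.168.1.30 user=admin result=FAIL
2017-12-11T09:00:07 telnet src=203.0.113.7 dst=192.168.1.30 user=support result=FAIL
2017-12-11T10:15:00 telnet src=192.168.1.5 dst=192.168.1.20 user=admin result=FAIL
2017-12-11T10:15:09 telnet src=192.168.1.5 dst=192.168.1.20 user=admin result=OK
"""

LINE_RE = re.compile(r"(\S+) telnet src=(\S+) dst=(\S+) user=(\S+) result=(FAIL|OK)")

def parse(log):
    """Yield (time, src, dst, result) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            ts, src, dst, _user, result = m.groups()
            yield datetime.fromisoformat(ts), src, dst, result

def detect(log, threshold=3, window=timedelta(seconds=60)):
    """Return (guessing, compromised) sets of (src, dst): `guessing` has at least
    `threshold` failures inside `window`; `compromised` then logged in OK."""
    fails = defaultdict(list)
    guessing, compromised = set(), set()
    for ts, src, dst, result in sorted(parse(log)):
        key = (src, dst)
        if result == "FAIL":
            # Keep only failures still inside the sliding window.
            fails[key] = [t for t in fails[key] if ts - t <= window] + [ts]
            if len(fails[key]) >= threshold:
                guessing.add(key)
        elif key in guessing:
            compromised.add(key)
    return guessing, compromised

if __name__ == "__main__":
    guessing, compromised = detect(SAMPLE_LOG)
    print("credential guessing:", sorted(guessing))
    print("likely compromised: ", sorted(compromised))
```

A single mistyped password followed by a successful login, like the last two sample lines, stays below the threshold and is not flagged.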

Botnet malware does not commonly render IoT devices unusable, though. Unless anti-malware is installed, a user will have no idea that their device is actually a zombie; in most cases, the device will continue to function as normal.

Mirai used to be the weapon of choice available to Cyber Criminals. They would use Mirai to hold websites or infrastructure to ransom, denying their services to the public unless a substantial fee was paid. Alternatively, Mirai has been used to cause confusion and panic while other malware was employed to sneak company Intellectual Property out the back door. That is not to say Mirai is no longer available; it is! But there’s a new Botnet in town, which some security researchers have dubbed Mirai’s younger, bigger brother – Reaper.

Reaper no longer relies on brute forcing an insecure IoT device. Researchers pin the high infection rate of Reaper on its ability to utilise software hacking techniques. This malware is not the booting-down-doors type that Mirai is; it is the sophisticated, targeted lock picker. Reaper apparently has the ability to exploit Common Vulnerabilities and Exposures (CVEs) within code, enslaving those systems that have not been patched or securely configured.

Since September 2017, an estimated one million organisations have been scanned, though the definitive number of devices infected is unknown. Research suggests 10,000 devices have already been enslaved, with the Reaper Command and Control (C2) originating in China. The location can of course be forged, but what is known is that the growth of the botnet is not slowing and Reaper is definitely more sophisticated than Mirai. Given that Mirai is still useful to Cyber Criminals for effecting successful DDoS attacks, who can tell the level of devastation, or reward for Cyber Criminals, this Botnet may reap?

If anything, this new threat does highlight the importance of patching your devices and changing the default credentials of the systems within your home and business. This will go a long way towards securing our IoT and preventing the spread of this, future and past Botnets.

“You become a changed person when you face the reaper and deny him your soul”
Martha Sweeney, Amazon Best Selling Author
