WHAT IS THE REAPER BOTNET
Last month a new "Internet of Things" (IoT) malware strain, called Reaper, was announced. Researchers from China and Israel reported that more than a million organizations are targeted by it and vulnerable to it. The software is a variation of the Mirai botnet and targets newly found security weaknesses in countless Internet routers, security cameras and digital video recorders (DVRs).
Researchers believe the number of devices Reaper has currently infected is fluctuating between 10,000 and 20,000, but a botnet vulnerability scan of the Internet has revealed an additional 2 million hosts that are vulnerable to this strain of attack. If criminals haven't yet built a million-strong botnet using the current pool of vulnerable devices, they certainly have the capacity to do so. At the flick of a switch, additional Reaper nodes could be subsumed into the botnet and used to launch a devastating attack.
Cybersecurity experts have determined that it is likely intended for use as a booter/stresser service primarily serving the intra-China DDoS-for-hire market. Reaper appears to be a product of the Chinese criminal underground; some of the general Reaper code is based on the Mirai IoT malware, but it is not an outright Mirai clone.
HOW IT IS DIFFERENT FROM MIRAI
While Reaper borrows programming code from Mirai, it is unlike Mirai in several aspects. Whereas Mirai infects systems after trying dozens of factory-default username and password combinations, Reaper targets nine security holes across a range of consumer and commercial products. About half of those vulnerabilities were discovered only in the past few months, so a great many devices likely remain unpatched against Reaper.
WHAT THIS MEANS TO YOU
This problem of IoT cybersecurity is not going away. New variations will continue to be rolled out, putting many integrators and users into a never-ending cycle of whack-a-mole. Trying to patch and update these devices daily as needed is ultimately a Sisyphean effort.
Since we cannot possibly keep track of the vulnerability status of each and every IoT device we add to our network, or of the many unknown "Bring Your Own Device" (BYOD) activities of our end users, we must strive to limit the exposure and damage to these devices by building an IoT sandbox environment in our networks. By isolating the IoT and BYOD devices from standard network traffic, we can implement more draconian rules and limitations to protect these devices from botnet attacks and limit their impact on the rest of the more critical parts of our networks.
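One way to put the isolation described above into practice, as an added example that is not from the original post: an nftables ruleset for a Linux firewall sitting between a trusted LAN, an IoT/BYOD sandbox segment and the Internet. The interface names and the short list of allowed ports are assumptions; NAT for the uplink is assumed to be configured separately.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the original post. Assumed interfaces:
#   lan0 = trusted LAN, iot0 = IoT/BYOD sandbox, wan0 = upstream Internet.
# Policy: IoT devices may talk to the gateway for DNS/DHCP/NTP, reach the
# Internet only on an allow-list, and never initiate toward the trusted LAN.

define LAN_IF = "lan0"
define IOT_IF = "iot0"
define WAN_IF = "wan0"

table inet iot_sandbox {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state invalid drop
        ct state established,related accept
        # sandbox devices may only use the gateway for DNS, DHCP and NTP
        iifname $IOT_IF udp dport { 53, 67, 123 } accept
        iifname $IOT_IF tcp dport 53 accept
        # any other sandbox traffic aimed at the firewall itself is logged and dropped
        iifname $IOT_IF log prefix "iot-to-fw: " drop
        # the trusted LAN may reach the firewall's management services
        iifname $LAN_IF accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        # trusted LAN may initiate toward IoT devices (e.g. to view a camera)
        iifname $LAN_IF oifname $IOT_IF accept
        # IoT devices never initiate toward the trusted LAN
        iifname $IOT_IF oifname $LAN_IF log prefix "iot-to-lan: " drop
        # outbound Internet from the sandbox only on an allow-list of ports,
        # rate-limited as a whole so a compromised node cannot flood the uplink
        iifname $IOT_IF oifname $WAN_IF tcp dport { 80, 443 } limit rate 50/second accept
        iifname $IOT_IF oifname $WAN_IF udp dport 123 accept
        # everything else leaving the sandbox (telnet, SSH, scanner probes) is logged
        iifname $IOT_IF log prefix "iot-egress-denied: " drop
        # trusted LAN reaches the Internet unrestricted
        iifname $LAN_IF oifname $WAN_IF accept
    }
}
# Note: this firewall never sees traffic between two devices on the sandbox
# segment; use switch-level client isolation (private VLAN) to cover that.
```

The `log prefix` rules give the SOC a simple detection signal: a sudden burst of "iot-egress-denied" entries from one address is a good indicator that a device in the sandbox has been recruited into a botnet and is scanning.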
Have questions about how to accomplish this? Feel free to email or call us at FIREFX.