The Reaper Botnet Could Be Worse Than the Internet-Shaking Mirai Ever Was

The Mirai botnet, a collection of hijacked gadgets whose cyberattack made much of the internet inaccessible in parts of the US and beyond a year ago, previewed a dreary future of zombie connected-device armies run amuck. But in some ways, Mirai was relatively simple—especially compared to a new botnet that’s brewing.

While Mirai caused widespread outages, it impacted IP cameras and internet routers by simply exploiting their weak or default passwords. The latest botnet threat, known alternately as IoT Troop or Reaper, has evolved that strategy, using actual software-hacking techniques to break into devices instead. It’s the difference between checking for open doors and actively picking locks—and it’s already enveloped devices on a million networks and counting.

On Friday, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point detailed the new IoT botnet, which builds on portions of Mirai’s code, but with a key difference: Instead of merely guessing the passwords of the devices it infects, it uses known security flaws in the code of those insecure machines, hacking in with an array of compromise tools and then spreading itself further. And while Reaper hasn’t been used for the kind of distributed denial of service attacks that Mirai and its successors have launched, that improved arsenal of features could potentially allow it to become even larger—and more dangerous—than Mirai ever was.

“The main differentiator here is that while Mirai was only exploiting devices with default credentials, this new botnet is exploiting numerous vulnerabilities in different IoT devices. The potential here is even bigger than what Mirai had,” says Maya Horowitz, the manager of Check Point’s research team. “With this version it’s much easier to recruit into this army of devices.”

The Reaper malware has pulled together a grab-bag of IoT hacking techniques that include nine attacks affecting routers from D-Link, Netgear, and Linksys, as well as internet-connected surveillance cameras, including those sold by companies like Vacron, GoAhead, and AVTech. While many of those devices have patches available, most consumers aren’t in the habit of patching their home network router, not to mention their surveillance camera systems.

Check Point has found that fully 60 percent of the networks it tracks have been infected with the Reaper malware. And while Qihoo 360’s researchers write that some 10,000 devices in the botnet communicate daily with the command-and-control server the hackers control, they’ve found that millions of devices are “queued” in the hackers’ code, waiting for a piece of automatic “loader” software to add them to the botnet.

Check Point’s Horowitz suggests anyone who fears that their device might be compromised should check the company’s list of affected gadgets. An analysis of the IP traffic from those devices should reveal if they’re communicating with the command-and-control server helmed by the unknown hacker that’s administering the botnet, Horowitz says. But most consumers don’t have the means to do that network analysis. She suggests that if your device is on Check Point’s list, you should update it regardless, or even perform a factory reset on its firmware, which she says will wipe the malware.

As usual, though, it’s not the owners of the infected machines who will pay the real price for allowing Reaper to persist and grow. Instead, the victims would be the potential targets of that botnet once its owner unleashes its full DDoS firepower. In the case of Reaper, the potentially millions of machines it’s amassing could be a serious threat: Mirai, which McAfee measured as having infected 2.5 million devices at the end of 2016, was able to use those devices to bombard the DNS provider Dyn with junk traffic that wiped major targets off the face of the internet in October of last year, including Spotify, Reddit, and The New York Times.

Reaper has shown no signs of any DDoS activity yet, Qihoo 360 and Check Point note. But the malware includes a Lua-based software platform that allows new code modules to be downloaded to infected machines. That means that it could shift its tactics at any time to start weaponizing its hijacked routers and cameras.

Horowitz points out that hacking devices like IP-based cameras en masse doesn’t provide many other criminal uses than as DDoS ammunition, though the motivation for any such DDoS attack is still unclear.

“We don’t know if they want to create some global chaos, or do they have some specific target, vertical, or industry they want to take down?” she asks.

All of that adds up to an increasingly troubling situation: One where the owners of IoT devices are racing with a botnet master to disinfect devices faster than the malware can spread, with serious potential consequences for vulnerable DDoS targets around the world. And given that Reaper has far more sophisticated tools than Mirai, the impending volley of attacks may turn out to be even more dire than the last one.

A Wedding Ring Spins More Like a Boomerang Than a Coin  

Spin a coin on a flat surface, and it spirals much like a planet orbiting a star — at least until it runs out of steam and rattles to a stop on the table. But spin a wedding ring the same way, and it will make a surprising abrupt turn, following a trajectory more like a boomerang.


China passed 250M 4G users in July, more than double the subscribers in the U.S.

Apple's CEO Tim Cook on a visit to China in 2014. Reuters / China Stringer Network

China’s 4G mobile users surpassed 250 million for the first time at the end of July, according to newly released data (link in Chinese) from China’s Ministry of Industry and Information Technology (hat tip to TechNode). If you throw 3G users into the mix, that number shoots up to a whopping 695 million users, with China’s total mobile user base now at 1.29 billion.

250 million is a milestone to be celebrated — it represents 4G penetration of nearly 20 percent, versus 40 percent (over 100 million) in the US at the end of 2014. Still, the figure belies a slightly shadier forecast: The report made clear that China’s mobile user growth rate so far this year has slowed to just a quarter of what it was over the same period in 2014.

Meanwhile, a separate report by the country’s state-run English-language newspaper China Daily over the weekend notes that the country has achieved this explosive growth in a mere 20 months since regulators first issued telcos 4G licenses. Though, somewhat confusingly, the article pegs the country’s 4G user base at 225 million, possibly in reference to June’s numbers rather than July’s.

Xinhua, the Chinese government’s official press agency, on Monday also had the 250 million number. The same report pointed out that the country’s three telecom giants — China Telecom, China Unicom, and China Mobile (currently the world’s largest telco) — “raked in a total of 75.3 billion yuan (about $11.8 billion) in the first half of 2015.” This was largely off the back of continued 4G growth.

Combined, 3G and 4G in the country now have a penetration of close to 54 percent among mobile users, according to the ministry’s report, and while the addition of new subscribers may be slowing, data consumption is through the roof. An average user in China now consumes around 330MB of data per month, almost twice as much (up 85 percent) as 12 months ago.

China’s International Telecommunication Union confirmed that it is actively developing 5G technology and industry, keeping up the blistering pace of development. But there has also been major reshuffling announced Monday at the very top levels of the country’s three telcos as Beijing aims to revamp state-owned firms.

4G growth aside, the broader challenges being faced by China’s volatile economy of late have rocked markets and tech stocks worldwide, leading Apple’s CEO Tim Cook to take the unusual step of issuing a statement to CNBC on Monday in an attempt to soothe investors. Apple, like an increasing number of smartphone makers, is heavily reliant (read: overexposed) on Chinese consumer demand to hit Wall Street’s targets.


Placentas Are Amazing Organs, and We’re Learning That They Do So Much More Than Simply Manage the Mo

Placentas are amazing organs, and we’re learning that they do so much more than simply manage the movement of nutrients and wastes between mother and fetus. In this month’s issue of The Scientist, placenta expert Christopher Coe explains its other roles, including hormonal regulation, iron storage, and immune system training.
