What's the ‘Reaper’ virus that the Maharashtra Cyber Cell Department is warning us about?



The Maharashtra Cyber Cell Department has sent out an advisory to inform the public, government departments & corporates about a new botnet named ‘Reaper’ (or ‘IoTroop’) which is spreading in many countries across the globe.


 


What is a Botnet?

The word ‘botnet’ is a combination of ‘robot’ and ‘network’. In layman’s language, it is a collection of internet-connected devices, such as PCs, servers, mobile devices and internet of things (IoT) devices, that are infected remotely by threat actors or a group of attackers. These are intended to send email spam and carry out DDoS attacks.


How do botnets work?

A botnet looks for vulnerable devices across the internet to infect as many connected devices as possible, and uses the computing power & resources of those devices for automated tasks that generally remain unnoticed by the users of the devices.


What is Reaper botnet?

‘Reaper’ is a botnet that uses advanced brute forcing and hacking techniques to break into IoT devices, such as wireless IP cameras and routers, that are not properly secured (including weak or default password protection). Hackers are using a pre-set list of modules as well as programs that search for vulnerabilities in IoT devices.



It is more dangerous than its predecessor ‘Mirai’

Last year, another botnet named ‘Mirai’ broke into targeted devices by guessing their ‘admin passwords’; however, Reaper is using an advanced version of Mirai’s code to exploit known security vulnerabilities and then look for other devices to spread the infection further. Thus, Reaper is continuously recruiting IoT devices and spreading, and could be used for a distributed denial-of-service (DDoS) attack like its predecessor, Mirai.


Affected Products

• Routers: D-link, TP-link, Netgear, Linksys, MikroTik, etc.
• IP based surveillance CCTV cameras: Vacron, AVTECH, Goahead, JAWS, etc.


This is what you should do in case of a virus attack

• Keep installing the security updates/patches pushed by IoT device OEMs.
• Safeguard your network using various methods, including penetration testing and proactive network management, wherever applicable. It is also imperative to set up a strong firewall that protects network-connected devices from brute force attacks.
• Choose strong passwords (uppercase, lowercase, numbers, special characters) for personal devices. Never use default passwords.
• Organizations should enforce a strong password policy and measures such as the addition of intrusion detection systems, use of secure protocols (VPN and SSH), etc. to prevent brute force attacks.
• Use best practices such as strong encryption ciphers (instead of mere authentication mechanisms) for all network traffic.
• Minimize non-critical network exposure by switching off all unused features and services.
• In case you suspect abnormal activity on your device, you may consider deleting the malware by a factory reset.
