Call Us at 866-526-9750

PC Works Plus

Blog

Check out David Wertz's weekly article and information he has shared on LinkedIn
https://www.linkedin.com/in/davidwertz/

Reaper: Massive IoT BotNet poised for what…

Categories: Security

Reaper: Massive IoT BotNet poised for what…

October 25, 2017

Just over a year ago some of the world’s largest websites were taken down for almost a day by “Mirai”.  Mirai is a malware strain that infected the “Internet of Things” (IoT) such as wireless routers, digital video recorders and other smart-devices for use in a massive online attack.

Experts are now warning about a far more powerful strain of IoT malware called “Reaper” and “IoTroop”.  These malware spread by using security holes and vulnerabilities in IoT devices.  Reaper isn’t attacking anyone yet, but there are indications that over a million organizations may already be affected.

On Oct. 19, 2017, researchers from Israeli security firm CheckPoint announced they’ve been tracking the development of a massive new IoT botnet “forming to create a cyber-storm that could take down the Internet.” CheckPoint said the malware, which it called “IoTroop,” had already infected an estimated one million organizations.

What can you do?

The issue lies in vulnerabilities in devices.  The solution is to patch the device by updating the software/firmware.  Unfortunately, vendors of many devices (especially consumer gear) can be very slow to react and provide fixes.

Netlab’s advisory links to patches available for a variety of devices and outlines some of the indicators of compromise.

Firewalls and other security products (Like OpenDNS Umbrella) can tell you if devices on your network are communicating with known “Command and Control” (C2) sites.  However, this level of sophistication is unlikely to be available in the networks of the most likely to be infected (consumer grade equipment).

There will certainly be more to come on this topic.

Educate Yourself!

Checkout free reports and newsletters to educate yourself on Network Security, Data Protection and Tips and Tricks.

Let's Go!