The Reaper botnet enlists Internet of Things devices, including IP cameras and routers from manufacturers such as GoAhead, D-Link, TP-Link, Avtech, Netgear, MikroTik, Linksys, and Synology.
The botnet exploits various known vulnerabilities in IoT gadgets and is considered to be more dangerous than the Mirai botnet. If launched, it could disrupt thousands of websites and services all over the world. Millions of networks are said to be already affected and waiting in a queue to be enlisted into this network. Such a botnet, when launched, is capable of disrupting the whole internet.
Let’s talk about Mirai for a second
Last October the whole Internet was shocked to witness a massive Distributed Denial of Service (Distributed DoS, DDoS) attack against IT infrastructure conducted by the Mirai botnet. It enlisted various Internet of Things devices and made them attack websites or services.
According to multiple reports, this attack was conducted by up to 100 000 vulnerable IoT devices in total. It caused issues for 900 000 clients of Deutsche Telekom and users of 2 400 TalkTalk routers, brought down DNS service provider Dyn, and caused other problems.
The Mirai botnet was enabled by the fact that whole series of IoT products are shipped with the same log-in credentials, which users left unchanged.
By scanning the internet and checking if the log-in was successful, hackers gained access to many IoT devices. They connected those devices to a worldwide net of robots (a botnet), which was then used for bringing down websites, disrupting services and more.
‘Worse than Mirai’ – what does that mean?
Mirai's approach was novel, but it used a simplistic way to grow its botnet. Figuratively speaking, Mirai knocked on the door and waited to see if someone would answer. If not, it would go to a different house.
Instead of knocking on the door, this new generation of malware actively breaks into the house. Similarly to Mirai, IoT Reaper uses hacked devices to actively search for new robots to be recruited to the botnet. The actors behind this malware are actively adding exploits to their kit, expanding the potential attack surface.
The combination of these approaches allows IoT Reaper to grow at a much faster pace than Mirai.
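Both Mirai's internet-wide scanning and Reaper's use of hacked devices to search for new recruits leave the same trace on a home network: one device contacting many unrelated internet hosts on a single port, with most attempts going unanswered. The following is an added example (not CUJO's detection engine or code from this article) that flags that pattern in flow records; the LAN subnet, thresholds, record layout and sample data are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home subnet
MIN_TARGETS = 20       # assumed: distinct internet hosts contacted on one port
MIN_FAIL_RATIO = 0.8   # assumed: share of attempts that never completed


def in_lan(ip):
    return ipaddress.ip_address(ip) in LAN


def find_scanners(flows, min_targets=MIN_TARGETS, min_fail_ratio=MIN_FAIL_RATIO):
    """Return {(src, dport): (distinct_targets, fail_ratio)} for scan-like devices.

    Each flow is (src_ip, dst_ip, dst_port, established).
    """
    targets = defaultdict(set)
    attempts = defaultdict(int)
    failures = defaultdict(int)
    for src, dst, dport, established in flows:
        if not in_lan(src) or in_lan(dst):
            continue  # only consider LAN -> internet connections
        key = (src, dport)
        targets[key].add(dst)
        attempts[key] += 1
        if not established:
            failures[key] += 1
    flagged = {}
    for key, dsts in targets.items():
        ratio = failures[key] / attempts[key]
        # High fan-out alone is normal for browsers; combined with a high
        # failure rate on one port it indicates blind probing.
        if len(dsts) >= min_targets and ratio >= min_fail_ratio:
            flagged[key] = (len(dsts), round(ratio, 2))
    return flagged


def build_sample_flows():
    """Constructed flow records (not real traffic), using documentation IP ranges."""
    flows = []
    # A camera probing 40 internet hosts on a remote-login port; 4 answer.
    for i in range(1, 41):
        flows.append(("192.168.1.50", f"203.0.113.{i}", 23, i % 10 == 0))
    # A laptop browsing: few destinations, every connection completes.
    for i in range(1, 6):
        flows.append(("192.168.1.20", f"198.51.100.{i}", 443, True))
    # A TV talking repeatedly to a single service.
    flows += [("192.168.1.30", "198.51.100.77", 443, True)] * 30
    return flows
```

A device flagged this way should be isolated from the network and have its firmware updated and its default credentials changed before it is reconnected.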
How does CUJO protect your smart home devices?
CUJO provides an additional layer of protection against insecure, out-of-date IoT devices. CUJO, acting as a gateway between the malicious actor and your equipment, would identify attempts to log in and install malicious code on the device. In such a case, you would get a request in your app to confirm this connection. If you do not approve, it will remain blocked: your devices stay safe.
If your device gets infected (or if it was infected before the installation of CUJO), when the day of the attack arrives, CUJO would block all attempts at launching this attack from your home. Your devices would not be a part of bringing down any websites or disrupting any services.
CUJO has a well-trained and tried-by-fire engine that would detect an outgoing DoS attack. Be warned, however, that Mirai-type botnets could be used for many more activities besides DDoS attacks, and these may include breaking into personal networks or leaking private data.
Our Security Operations team is actively monitoring openly available data about this malware and is continuously improving its list of malicious actors that threaten any home that has a CUJO.
We will keep you informed about how this story progresses. Read more about how CUJO protects smart home devices in 600+ sparkling reviews on Amazon.