Don't Get Caught Up in Yet another Devastating Botnet – IoT Reaper

Redport Information Assurance
In recent cyber threat intelligence reporting by The Hacker News, yet another devastating Internet of Things (IoT) botnet has been discovered in the wild. Ironically, the botnet was discovered on the first anniversary of the Mirai botnet which was known as the biggest IoT malware that had caused a vast internet outage. The new IoT botnet is currently named “IoT Reaper”. The new botnet was discovered by a security research firm named “Qihoo 360” in September, 2017. The malware which establishes the botnet by enslaving systems uses exploits applied to known vulnerabilities that are found in several different IoT devices. The vulnerabilities if not patched will be exploited by IoT reaper. The exploit is able to exploit the following vendor router products; DLink, Netgear, and Linksys and vendor camera products; Goahead, JAWS, and AVTECH and a NVR with the vendor name of Vacron. The botnet is believed to have infected over 2 million IoT devices and the infection rate continues to grow rapidly. There has been up to approximately 10,000 devices infected per day. The malware with its capability of 100 open DNS resolvers can launch immediate DNS amplification attacks. These are also known as Distributed Denial of Service (DDoS) attacks which botnets are well known for especially after the Mirai botnet was launched. Meanwhile, as this devastating malware spreads by enslaving systems and growing out the threat actor’s botnet, there is another botnet spreading as well. The botnet has the same characteristics as IOT Reaper, however it is slightly different according to the researchers at Checkpoint Security. Checkpoint security has named the IoT "IoTroop," this botnet unfortunately, has also infected millions of organizations computer systems and it’s still spreading widely. The IoTroop botnet based malware also takes advantage of vulnerabilities of the vendor products named above. Security researchers also believe that it quite possibly could be the same IoT botnet but it is too early to make that call based on analysis and the two botnets different behaviors. Redport’s CEO Steve Reinkemeyer states that it is vital for organizations to remain vigilant towards ever advancing botnet malware which have been able to take advantage of such vulnerable and unpatched vendor IoT based products. Therefore, all organizations should always be prepared by staying on a regular patch management maintenance regiment in order to protect their most popular IoT devices. By Dr. Randall SylvertoothSource:https://thehackernews.com/2017/10/iot-botnet-malware-attack.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1606.qe0ao065ex.yuk

For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.

Gaithersburg, MD, USA