The Reaper botnet enlists Internet of Things devices, including IP cameras and routers from such manufacturers as GoAhead, D-Link, TP-Link, Avtech, Netgear, MikroTik, Linksys, and Synology.
The botnet exploits various known vulnerabilities of IoT gadgets and is considered to be more dangerous than the Mirai botnet. If launched, it could disrupt thousands of websites and services all over the world. Millions of networks are said to be already affected and waiting in a queue to be enlisted into this network. Such a botnet, when launched, is capable of disrupting the whole internet.
Let’s talk about Mirai for a second
Last October the whole Internet was shocked to witness a massive Distributed Denial of Service (Distributed DoS, DDoS) attack against IT infrastructure, conducted by the Mirai botnet. It enlisted various Internet of Things devices and made them attack websites or services.
According to multiple reports, up to 100 000 vulnerable IoT devices took part in this attack in total. It caused issues for 900 000 clients of Deutsche Telekom and users of 2 400 TalkTalk routers, brought down DNS service provider Dyn, and caused other problems.
The Mirai botnet was enabled by the fact that whole series of IoT products are shipped with the same log-in credentials, which users left unchanged.
By scanning the internet and checking if the log-in was successful, hackers gained access to many IoT devices. They connected those devices to a worldwide net of robots (a botnet), which was then used for bringing down websites, disrupting services and more.
‘Worse than Mirai’ – what does that mean?
Mirai's approach was novel, but it used a simplistic way to grow its botnet. Figuratively speaking, Mirai knocked on the door and waited to see if someone would answer. If not, it would go to a different house.
Recent reports indicate that Mirai source code was reprogrammed to leverage a set of standard vulnerabilities of IoT devices.
Hence, instead of knocking on the door, this new generation of malware actively breaks into the house. Similarly to Mirai, IoT Reaper uses hacked devices to actively search for new robots to be recruited to the botnet. The actors behind this malware are actively adding exploits to their kit, expanding the potential attack surface.
The combination of these approaches allows IoT Reaper to grow at a much faster pace than Mirai.
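Because an infected device is itself used to search for new recruits, it shows up at the home gateway as one LAN host contacting an unusual number of distinct outside hosts in a short time. The following is an added example, not CUJO AI's code or anything from the reports cited here; the flow-record layout, the 60-second window, the threshold of 25 hosts and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records as a home gateway might log them:
# (seconds since start, LAN source IP, destination IP, destination port).
# All addresses are from documentation ranges; none come from the article.
FLOWS = (
    [(t, "192.168.1.20", f"198.51.100.{t + 1}", 80) for t in range(40)]  # camera sweeping hosts
    + [(t * 10, "192.168.1.30", "203.0.113.5", 443) for t in range(40)]  # laptop, one server
    + [(5, "192.168.1.40", "203.0.113.9", 443), (9, "192.168.1.40", "203.0.113.10", 53)]
)

WINDOW_SECONDS = 60      # assumed sliding-window length
MAX_DISTINCT_HOSTS = 25  # assumed fan-out a home IoT device should never reach


def find_scanning_devices(flows, window=WINDOW_SECONDS, limit=MAX_DISTINCT_HOSTS):
    """Return {lan_ip: peak distinct destinations in any window} for devices over the limit."""
    by_source = defaultdict(list)
    for ts, src, dst, _port in sorted(flows):
        by_source[src].append((ts, dst))

    flagged = {}
    for src, events in by_source.items():
        counts = defaultdict(int)  # destination -> occurrences inside the current window
        start = 0
        peak = 0
        for ts, dst in events:
            counts[dst] += 1
            # Slide the window start forward, forgetting destinations that aged out.
            while events[start][0] <= ts - window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak > limit:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for ip, peak in find_scanning_devices(FLOWS).items():
        print(f"{ip}: {peak} distinct hosts within {WINDOW_SECONDS}s, isolate it and check its firmware")
```

The sliding window matters: a device that reaches many hosts slowly over hours is not flagged, while a burst of new destinations is.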
How does CUJO AI protect smart home devices?
CUJO AI provides an additional layer of protection against insecure, out-of-date IoT devices. CUJO, acting as a gateway between the malicious actor and your equipment, would identify attempts to log in and install malicious code on the device. In such a case, you would get a request in your app to confirm this connection. If you do not approve, it will remain blocked: your devices stay safe.
If a device gets infected, when the day of the attack arrives, CUJO AI blocks all attempts at launching this attack from the home. End-user devices would not be a part of bringing down any websites or disrupting any services.
CUJO AI has a well-trained and tried-by-fire engine that would detect an outgoing DoS attack. Be warned, however, that Mirai-type botnets could be used for many more activities beyond DDoS attacks, and these may include breaking into personal networks or leaking private data.