botnet Archives

The IoT Reaper Botnet Predicts a Grim Future

Cyber Attack, Internet of things, IOT, malware, Mirai, Reaper, Security, Security Threatsbotnet, Internet of Things, IoT, malware, Mirai, reaper, securityOphtek, LLC

Feb 2018

With Internet of Things (IoT) devices becoming more prolific at work, their security risks are increasing. In particular, botnets are posing a major threat.

Botnets have been associated with hacking since the start of the 21^st century and don’t show any signs of disappearing soon. Therefore, it’s no surprise that hackers are adopting these services into their attacks on IoT devices. The aim of a botnet is to create a huge network of infected computers connected to the internet to carry out DDoS attacks, spam campaigns and steal data. And, with the proliferation of unsecured IoT devices now online, it’s not hard to see why they’re so attractive to hackers.

One botnet which has been creating a few headlines recently is Reaper, so it’s a good place to start understanding their method of operation and how you can protect yourself.

The IoT Reaper Comes to Town

IoT devices, partly due to their recent emergence, aren’t exactly the most safe and secure devices to be connecting to your organization’s network. Sure, many of them are safe, but there are so many reports of devices being released with vulnerabilities in their code, a lack of firmware updates and default password exploitation issues. Accordingly, the warnings attributed to IoT devices need to be taken seriously. And when it comes to botnets such as Reaper, you can begin to understand why.

The Mirai botnet was the first big hack which took advantage of shortfalls in IoT security and its legacy is Reaper. Evolving the operation and build of Mirai (Reaper even shares some code with it), Reaper is a more sophisticated piece of malware. Mirai’s approach was to act purely as a password cracker, but Reaper is taking nine different approaches to exploit known vulnerabilities in devices manufactured by Linksys, GoAhead and NetGear to name but a few.

Reaper has the potential to create a huge botnet army and, with its myriad infection methods, could carry this out with much more ease than Mirai ever managed. Security researchers Checkpoint even estimate that around one million networks have been scanned in order to begin recruiting vulnerable devices. Reaper is also built to ensure that it can receive regular updates through new script updates and indicates a potential for the malware to be regularly strengthened.

Thankfully, the number of recruited bots has remained relatively low compared to initial estimates with around 10,000 to 20,000 drones being active at any one time. Experts suspect this may be down to poor coding, but with the potential for new updates to be patched into the malware, this could be rectified very quickly. A further benefit to consumers is that the hardware providers being targerted are tight on security and regularly issue firmware updates.

Keeping the Reaper at Bay

Allowing automatic firmware updates – and regularly checking manufacturers’ websites/social media for security updates – is paramount to keeping your organization’s IoT devices secure. Not only can botnets launch global attacks on computer networks, but they can also slow down individual devices and render them redundant.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Increased Necurs Botnet Activity Means More Malware

Securitybotnet, malware, securityOphtek, LLC

Jul 2016

Malware is often forwarded by swarms of infected PCs known as botnets; just recently the Necurs botnet has really ramped up its activity to cause havoc.

The Necurs botnet, which has been active for several months, suddenly went quiet for three weeks, but, on June 22, it was responsible for sending 160 million malicious emails. This is a huge amount of traffic and particularly troubling for businesses.

It’s important that you understand what the Necurs botnet is capable of and how to avoid being swallowed up in its activities, so I’m going to run through how it works.

Understanding a Botnet

First off, we need to understand what a botnet is, so let’s take a look at that.

Although it sounds like a futuristic android, it’s much more contemporary than that. Also known as zombie computers, a botnet is a collection of PCs which have become infected and allowed external users to access them.

In these cases the hackers are looking to exploit these PCs and their bandwidth to carry out all manner of dubious actions. These can range from crippling websites with huge amounts of traffic they can’t cope with (a Distributed Denial of Service Attack) or mass email campaigns containing malicious software.

The botnet ‘army’ is created by exploiting open ports on PCs which allow Trojan viruses to gain access and deliver their payload. The botnet controller then has remote access to many thousands of PC to carry out bigger attacks very quickly.

What Does Necurs Contain?

Necurs main operation, at the moment, is to deliver two particularly nasty packages in the form of Locky and Dridex.

Locky is part of an increasingly popular attack known as ransomware. This malicious software is most often sent as an Office document which requests that you enable macros to translate some nonsensical text. Once this request is approved then Locky gets to work by encrypting your personal files and demanding payment to decrypt them.

Dridex is a piece of malware, also activated by Office documents, which looks to cause financial chaos by stealing banking information such as login credentials. It carries this out by monitoring network activity and taking screenshots of user activity.

Protect Yourself From Necurs

Becoming part of a botnet not only threatens your own security, but also risks the security of millions of other users all over the world. That’s why you need to make sure you’re fully aware of how your PC can become enslaved, so it’s crucial you take the following steps:

Ensure you have a firewall which is turned on at all times. This provides a first line of defense which can monitor any unusual network activity on your PCs.

Botnets love a piece of out-dated software as it provides a vulnerable route into your PCs, so make sure that all patches/updates are installed as soon as possible.

Don’t download any attachments which look remotely suspicious – even if they come from colleagues or family members. Their PCs may have already been infected and are not under their full control anymore.

Take note of any unusual behavior e.g. browsers opening and closing without your input, sudden crashes and long startup/shutdown times. These can all indicate that your PC has become part of a botnet.

Even if you’re not part of a botnet you still need to remain vigilant due to the emails being sent by infected computers. Both Locky and Dridex can create a lot of trouble for businesses, so it’s vital that you don’t fall foul to their deceptive attachments.