Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Reaper IoT Botnet

The new modern attack surface encompasses many emerging technologies such as the Internet of Things (IoT). As IoT becomes more integrated into the business communications path and the security boundary of your organization begins to blur, the risk of vulnerable IoT devices such as routers, cameras and video recorders will continue to increase.

About the Reaper Botnet

On October 20, 2017, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point detailed a new IoT botnet based in part on the Mirai botnet code. The main difference between Mirai and this new botnet is that Reaper relies on exploits instead of brute-forcing passwords as its infection method. The Reaper malware is leveraging nine vulnerabilities affecting home routers made by Linksys and D-Link; IP cameras and digital network video recorders made by VACRON, NUUO, NETGEAR, AVTECH, Maginon, Avacom, and others. Some of these vulnerabilities have patches available but unfortunately, many consumers never take the necessary steps to patch IoT devices in their homes.

Current Impact

Researchers have found that several tens of thousands of devices have been infected and over two million are queued to be infected. At the moment, researchers have only been able to identify from the Command and Control (C&C) that the botnet has focused on growing its numbers and no malicious payload has been seen. However, the code for the malware is a modular one where components can be loaded to expand the botnet’s capabilities, which makes the potential of someone using the botnet for other attacks very high.

Detection of Vulnerable Devices

IoT Reaper Scan

Tenable.io Vulnerability Management and Nessus provide you with plugins to detect IoT devices vulnerable to the Reaper IoT botnet. The vulnerabilities detected are:

Tenable will continue to monitor the Reaper botnet and add additional coverage if new exploits are added to the Reaper malware.

Wrap-up

Botnets often use well-known vulnerabilities & exploits to propagate their code to devices which in turn become bots. These well-known vulnerabilities can often be remediated either through patches or software updates. Implementing a proactive security program that includes regular patching and software updating is one of the best strategies you can use to prevent botnets from growing. Make a regular habit of scanning your IoT devices and updating them as necessary, to protect your assets.

For more information

  • Learn more about Tenable.io, the first vulnerability management platform for all modern assets
  • Get a free 60-day trial of Tenable.io Vulnerability Management

Many thanks to the Tenable research team for their contributions to this blog.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security