COMMENT
Move over Mirai. There’s a new
monstrous botnet in town.
The newly-discovered botnet,
dubbed ‘Reaper’ or ‘IoTroop’, appears
to be a more powerful strain of Internet
of Things (IoT) malware than Mirai, the
previous holder of the IoT botnet crown.
And while Reaper hasn’t yet launched
an attack, security researchers warn that
it may only be a matter of time.
Researchers from Check Point
announced their discovery of Reaper
on 19 October, claiming that it could
potentially “take down the Internet.”
Where Mirai used factory-default or
hard-coded usernames and passwords
to infiltrate and eventually take control
of IoT devices, Reaper exploits known
security vulnerabilities across IoT
device makers, such as AVTECH, D-Link,
Netgear, Linksys and more, according to
KrebsOnSecurity.
Infiltrating IoT
administration can help protect devices
from Reaper, should it become active.
Mohammed Al-Moneer, Regional
Director, MENA, A10 Networks
“It is too early to guess the intentions
of the threat actors behind it, but with
previous botnet DDoS attacks essentially
taking down the Internet, it is vital that
organisations make proper preparations
and defence mechanisms are put in
place before an attack strikes,” Check
Point wrote.
What makes Reaper and other IoT-
based attacks particularly scary is
their breadth and sophistication.
For example, IoT attacks don’t rely
on spoofing to create wide attacks;
instead, the traffic comes from real
endpoints with real IP addresses, making
it more difficult to block each individual
device that is sending attack traffic.
Additionally, IoT attacks are distributed
globally and each IP has to be treated
differently – an organisation can’t just
block a network segment or a country’s
IP range to defend against it.
Protect yourself
IoT attacks can have a wider breadth of
attacking capabilities than traditional
attack strategies. For example, previous
huge-volume attacks used reflection
(such as DNS or NTP) to create volume,
meaning thousands of open resolvers
(DNS reflection case) would be tricked
into generating a huge traffic load. IoT
attacks, on the other hand, have a vast
swath; millions of IoT devices can each
generate individual traffic that can swell
into gargantuan attacks.
It is imperative for DDoS defence
solutions to understand traffic patterns
and behaviours to block anomalous
traffic while allowing real user traffic to
continue to pass through. Identifying and
analysing threats quickly is also necessary.
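As an added illustration (not from the article or from any vendor's product), the sketch below labels one window of inbound flow records as reflection or many-source direct traffic, the contrast drawn above. The flow tuples, thresholds and addresses are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

REFLECTION_PORTS = {53, 123}  # DNS and NTP, the reflection cases named in the text

def summarise(flows):
    """flows: non-empty list of (src_ip, src_port, packets) seen in one window."""
    per_source, per_prefix = Counter(), Counter()
    reflected = total = 0
    for src, sport, pkts in flows:
        total += pkts
        per_source[src] += pkts
        per_prefix[ip_network(f"{src}/16", strict=False)] += pkts
        if sport in REFLECTION_PORTS:
            reflected += pkts
    return {
        "packets": total,
        "sources": len(per_source),
        "reflected_share": reflected / total,
        "top_prefix_share": max(per_prefix.values()) / total,
        "top_source_share": max(per_source.values()) / total,
    }

def classify(flows, baseline_pps, window_s=10):
    """Label one window. All thresholds are illustrative assumptions."""
    s = summarise(flows)
    if s["packets"] / window_s <= 2 * baseline_pps:
        return "normal", s
    if s["reflected_share"] >= 0.8:
        return "reflection", s          # one source-port filter removes most of it
    if s["top_prefix_share"] < 0.1 and s["top_source_share"] < 0.05:
        return "distributed-direct", s  # no port or prefix to block; track each source
    return "concentrated", s            # a few sources or one prefix dominate

def _addr(i):
    # Constructed address: spreads sources over 250 distinct /16s in 10.0.0.0/8.
    return str(ip_address(int(ip_address("10.0.0.0")) + (i % 250) * 65536 + i))

# Constructed windows, each 10 seconds long.
REFLECTION = [(_addr(i), 53, 5000) for i in range(40)]     # few resolvers, big replies
DIRECT = [(_addr(i), 1024 + i, 100) for i in range(2000)]  # many devices, small each
QUIET = [(_addr(i), 40000 + i, 20) for i in range(50)]     # ordinary traffic

if __name__ == "__main__":
    for name, window in (("reflection", REFLECTION), ("direct", DIRECT), ("quiet", QUIET)):
        label, stats = classify(window, baseline_pps=1000)
        print(name, label, stats["sources"], round(stats["top_prefix_share"], 4))
```

Both attack windows carry the same packet rate; only the direct one leaves no single port, prefix or heavy source to filter on, which is why per-source tracking is needed.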
And while there have been no confirmed
reports of Reaper being used to carry out
an attack, the potential for DDoS attacks
looms, especially considering that Mirai
was used to launch some of the largest DDoS
attacks on record, including attacks up to
and exceeding 1 Tbps.
www.intelligentcio.com
Should Reaper take the same track as
Mirai and be leveraged to launch IoT-
fuelled DDoS attacks, it’s important to
be protected. High-performance DDoS
detection and mitigation are must-
haves in the battle against IoT botnets
and the sophisticated multi-vector
DDoS attacks they power. Organisations
need swift, surgical detection and rapid
mitigation to ensure services aren’t
disrupted and that legitimate traffic can
still get through during wartime.
And for additional real-time protection,
organisations should implement a
hybrid DDoS protection model that
combines the power of on-premise
DDoS defence with cloud capabilities to
combat high-volume DDoS attacks.
Update IoT devices
Another preventative measure is to
update your devices. Updating IoT
devices with new code and turning
off features that involve WAN-based
administration can help protect devices
from Reaper, should it become active.
While Mirai was primed with a list of
default usernames and passwords of
devices throughout the Internet, Reaper
uses a set of exploits seen in various
devices, meaning that without any
knowledge of a username or password,
someone may be able to get in by
leveraging one of these exploits. Failing
to update devices and turn off WAN-
style features could leave your admin
password exposed, regardless of how
complex it is.
Defending against current and
future threats with A10 Networks
A10 Thunder TPS is the world’s highest-
performance DDoS defence solution. It
detects and mitigates megabit to terabit
DDoS attacks at the network edge. TPS
can process more than 500,000 flows
per second and can scale up to 2.4 Tbps
with a list synchronisation cluster.
Thunder TPS is unrivalled, delivering an
industry-leading 300 Gbps with 440
Mpps in a single appliance – offering up
to 11 times the performance of legacy
solutions. And it goes beyond traditional
DDoS defence.
Thunder TPS can track up to 128 million
individual IP addresses – whether
IoT device IP addresses or legitimate
users – to defend against the breadth
that makes IoT attacks so devastating.
Also, Thunder TPS leverages a massive
class-list size of 96 million entries with
integrated threat intelligence to identify
and block known infected IoT devices at
Internet scale.
A10 also offers the A10 Threat
Intelligence Service, in partnership
with ThreatSTOP, which is constantly
updated with the latest threat
information to blacklist and whitelist
traffic to ensure bad traffic is blocked
before it can enter the network and
wreak havoc.
It works by continuously charting
potential threats and intruders and
empowers customers to leverage
global knowledge to block traffic that
is considered malicious to prevent
zero-day attacks, block command and
control computers from communicating
with your network and to cloak your