Mumbai: Reaper, the malware that is taking over millions of devices around the world, is a highly evolved and advanced malware capable of taking over devices by identifying and exploiting their vulnerabilities, and hiding its own presence in the device, Maharashtra cyber police officers said on Thursday.
The Hindu had reported on Thursday how Reaper is hacking and taking over 10,000 devices connected to the internet per day and has already assumed control of two million devices. It seems to be focusing on WiFi routers, CCTV cameras and digital video recorders, and is believed to be gathering up bots for a Distributed Denial of Service (DDOS) attack on an unprecedented scale.
Drawing a comparison to the Mirai malware that took over five lakh machines last year, Inspector General of Police Brijesh Singh, Maharashtra Cyber, said, “Mirai was programmed to only hack devices with a certain kind of vulnerability. Reaper is capable of identifying vulnerabilities in devices and coming up with ways to penetrate them based on these, which makes it much more dangerous.”
Hard to track
Mr. Singh said, “Most bots ping their command and control servers (the server from which the malware is controlled) on a regular basis, which can be tracked with the right tool. Bots infected by Reaper send out random pings at irregular intervals and also encrypt the traffic going to the command and control server, making it much harder to track.”
Cyber intelligence experts have also observed that the command and control server of Reaper is rapidly shifting, indicating that the perpetrators have a large number of servers at their disposal.
The amount of damage that Reaper can do using millions of devices at a time is nothing short of immeasurable.
“With only five lakh devices, the people behind Mirai were able to execute a DDOS attack at the rate of several terabytes per second. We are not even sure we have units to measures the intensity of an attack should the perpetrators behind Reaper decide to act tomorrow, or an hour later,” a cyber police officer said.
On Thursday, the State cyber department released an advisory, listing measures that individuals and organisations could take, including security updates, safeguarding of networks with strong firewalls and penetration testing methods, setting strong passwords and keeping an eye out for any abnormal behaviour in a device or network.
Mr Singh said, “The Computer Emergency Response Team has made a tool called Cyber Swachhata Kendra, available on its website, which can be downloaded for free and installed on devices to detect and counter botnet hacking.”
