A new threat looms large on the horizon of cyberspace. After Mirai and Reaper, cybersecurity agencies have detected a new malware called Saposhi, which is capable of taking over electronic devices and turning them into ‘bots’, which can then be used for any purpose, including a Distributed Denial of Service attack which, with enough firepower, can cripple entire industries.
A senior cyberpolice official told The Hindu that Saposhi was detected around 15 days ago and is currently being watched and studied.
“Saposhi is similar in its intensity to Reaper, which was taking over millions of devices at the rate of 10,000 devices per day. Various cyber security agencies are currently keeping tabs on it to get a better idea of what it is capable of,” he said.
In October last year, the Computer Emergency Response Team (CERT), a central government body that deals with cyber attacks, had issued an alert about Reaper, a highly evolved malware capable of not only hacking devices like WiFi routers and security cameras, but also able to hide its own presence in the bot — a device taken over by a malware.
Sources said that while the CERT has not yet issued any alert regarding Saposhi, alerts and guidelines on protecting devices from Saposhi are likely to be issued in the days to come.
“We need to first ensure that the information we have is indeed substantiated before raising alarm bells. Right now, what we know for sure is that Saposhi exists, and is highly capable. Factors like whether it is aimed at any particular kind of device, or has a specific purpose are still being verified,” another officer said.
Malware like Saposhi, Reaper and Mirai is primarily aimed at DDoS attacks, in which the malware first creates a network of bots — called a botnet — and then uses the botnet to ping a single server at the same time. As the number of pings is far beyond the server’s capacity, the server crashes and denies service to its consumers. For example, if a large enough botnet attacks the server of a fleet cab provider, its server will crash and scores of consumers will be unable to avail of its services.
In July 2016, small and medium internet service providers in Maharashtra fell prey to a DDoS attack, which caused disruption in the services of several Internet Service Providers (ISPs) in the State.
In 2016, Mirai, using a botnet of 5 lakh devices, had caused the servers of Dyn, a leading domain name service provider, to crash, affecting services of popular websites like Twitter, Netflix and Reddit.
Meanwhile, officials said that Reaper continues to be a concern.
“Once a malware is out into cyberspace, it is next to impossible to neutralise it. In such a scenario, consistent review of existing security mechanisms is the best course of action to follow. Over the four months since Reaper was released, there have been sporadic instances of consumers of various services, including some leading text messaging apps, being affected. However, we are yet to confirm whether these were due to Reaper,” the officer said.
How a malware works:
- Malware is released into cyberspace, with specific instructions programmed into it. The instructions direct the malware to take over as many devices connected to the internet as possible.
- Depending on its programming, the malware turns internet-connected devices into ‘bots’, and starts building a botnet.
- Malware like Reaper and Saposhi is capable of identifying weaknesses in devices and exploiting them to turn the devices into bots.
- Once a large enough botnet is created, simultaneous pings are sent to a single server, causing a server failure; this is called a Distributed Denial of Service attack.
- Depending on the size of the botnet, malware can execute multiple DDoS attacks at the same time, or over a period of time.