Reaper: a new virus that will bring down the entire world Internet


A MASSIVE botnet that has been building up over the past few weeks threatens to destroy the Internet, Israeli cybersecurity experts have warned.

A botnet (from the words robot and network) is a computer network consisting of a certain number of hosts running bots, which are autonomous software. Most often, a bot in a botnet is a program that is hidden on devices and made available to the attacker. It is typically used for illegal or unapproved activities: sending spam, brute-forcing passwords on a remote system, and denial of service attacks (DoS and DDoS attacks).

The new botnet uses all sorts of devices, including WiFi routers and webcams. Once hacked, they will collectively send bursts of data to the servers that power the Internet, causing them to crash and eventually go offline.

Around this time last year, there was a similar attack caused by the Mirai botnet that shut down the Internet on almost the entire East Coast of the United States.

Now, however, Israeli security researchers at Check Point have discovered what they call a completely new and more sophisticated botnet, the full activity of which could cause a virtual “cyber hurricane.”

A blog post published by Check Point Research reads:

“So far we estimate that more than a million organizations have already been affected worldwide, including the US, Australia and certain areas in between. And their number is only increasing. Our research shows that at this moment we are experiencing a period of calm before a very big storm. The next cyber hurricane is coming soon.”

Thus, it turns out that the botnet, called Reaper by Israeli specialists, has already infected the networks of at least a million companies. The number of infected devices and computers can no longer be determined.

Using Check Point's intrusion prevention system (IPS), researchers have noticed that hackers are increasingly attempting to exploit a combination of vulnerabilities found in various smart gadgets. This is according to their data collected during September.

And every day, malware is discovering more and more vulnerabilities in devices. This is especially true for wireless IP cameras such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others.

It became obvious that the attempted attacks came from different sources and various devices, which meant: the attack was spread by the devices themselves.

One tech site assessing the threat warns that this “reaper” will wipe out the entire Internet.

Check Point says that as we experience the "calm before the storm," companies should begin preparing early for a distributed denial of service (DDoS) attack that could potentially lock up resources.

DDoS attacks were made famous by the Lizard Squad, a cyber gang that entered the PlayStation network during Christmas 2014. They involve flooding websites or other targets with overwhelming traffic, causing them to crash. Therefore, security experts at all firms and companies are asked not only to scan their networks, but also to proactively disable the maximum number of gadgets, treating them as infected.

Private device owners are encouraged to do the same, although the only thing non-technical users may notice is slower connection speeds, especially over Wi-Fi.


========================================




The ranks of powerful botnets for Internet of Things (IoT) devices continue to grow. A new competitor to the Mirai and Necurs botnets, called IoT_reaper, was recently spotted online and has grown to gigantic proportions since mid-September. According to estimates by researchers from Qihoo 360 Netlab and Check Point, the botnet currently includes about 2 million devices, mainly IP cameras, IP network video recorders and digital video recorders.


As the Internet of Things (IoT) develops, viruses that can be used to damage electronics are multiplying as well. Moreover, the very essence of IoT involves many connected devices. For botnets this is an excellent “habitat”: having infected one device, the virus copies itself to all available devices.


At the end of last year, the world learned about a gigantic botnet (almost 5 million devices) consisting of routers. German telecom giant Deutsche Telekom also ran into router hacking: its users' devices were infected with malware called Mirai. The matter was not limited to network equipment: security problems were found in Miele smart dishwashers and AGA cookers. The “cherry on the cake” was the BrickerBot malware, which, unlike its “colleagues”, did not simply infect vulnerable devices but completely disabled them.


The presence of poorly configured or vulnerable IoT devices in a home network can have dire consequences. One of the most common scenarios is the inclusion of the device in a botnet. This is perhaps the most harmless option for its owner; other use cases are more dangerous. For example, devices from the home network can be used as an intermediate link for carrying out illegal actions. In addition, an attacker who has gained access to an IoT device can spy on its owner for subsequent blackmail; history already knows of similar incidents. In the end (and this is far from the worst scenario), an infected device may simply be broken.


Kaspersky Lab specialists previously conducted an experiment, setting up several traps (“honeypots”) that imitated various “smart” devices. The experts recorded the first unauthorized connection attempts to them within a few seconds.


Several tens of thousands of requests were registered per day. Among the devices from which the experts observed attacks, more than 63% can be identified as IP cameras. About 16% were various network devices and routers. Another 1% came from Wi-Fi repeaters, TV set-top boxes, IP telephony devices, Tor exit nodes, printers and “smart home” devices. The remaining 20% of devices could not be clearly identified.


Looking at the geographical location of the devices from whose IP addresses the experts saw attacks on the honeypots, the following picture emerges: the top 3 countries were China (14% of attacking devices), Vietnam (12%) and Russia (7%).


The reason for the increase in the number of such attacks is simple: the Internet of Things today is practically unprotected from cyber threats. The vast majority of devices run on Linux, which makes life easier for criminals: they can write a single piece of malware that will be effective against a large number of devices. In addition, most IoT gadgets have no security solutions, and manufacturers rarely release security updates and new firmware.


Recently it became known that a new botnet, IoT_reaper, has emerged; since mid-September it has spread to approximately 2 million devices, according to a study by Qihoo 360 Netlab and Check Point.


According to the researchers, the malware code used to create the botnet includes fragments of Mirai code, but also contains a number of new features that differentiate Reaper from its competitors. Its main difference lies in the method of distribution. While Mirai looks for open Telnet ports and tries to compromise the device using a list of common or weak passwords, Reaper looks for vulnerabilities, which ultimately makes it possible to infect a larger number of devices.


According to Qihoo 360 Netlab, the malware includes an environment for executing scripts in the Lua language, which allows operators to add modules for different tasks, such as DDoS attacks, traffic redirection, etc.


Check Point experts believe that Reaper can paralyze the Internet for some time. "We estimate that more than a million organizations have already been harmed by Reaper's actions. Now we're going through the calm before a strong storm. A cyber hurricane will soon hit the Internet," Check Point said in a statement.


Among the infected devices are wireless IP cameras from GoAhead, D-Link, AVTech, Netgear, MikroTik, Linksys, Synology and others. Some companies have already released patches that eliminate most of the vulnerabilities. But consumers are not in the habit of installing security updates for their devices.

Last December, a cyber attack on the Ukrainian electricity grid led to a power outage in the northern part of Kyiv, the country's capital, and surrounding areas. But only now have computer security specialists been able to discover the culprit of these cyber attacks on Ukrainian industrial control systems.

Slovakian antivirus software maker ESET and critical infrastructure protection company Dragos Inc. said they had discovered a dangerous new malware that targets critical industrial control systems and is capable of causing power outages.

The December 2016 cyber attack against the Ukrainian power grid Ukrenergo used the Industroyer or CrashOverRide worm (Industroyer/CrashOverRide). This is a new, very advanced malware designed to sabotage power grids. According to computer security experts, CrashOverRide is now the biggest threat to industrial control systems since Stuxnet, the first malware allegedly developed by the US and Israel to sabotage Iranian nuclear facilities in 2009.

Unlike the Stuxnet worm, CrashOverRide does not exploit zero-day software vulnerabilities to carry out its malicious actions. Instead, it relies on four industrial communications protocols used around the world in power infrastructure, transportation control systems, and other mission-critical infrastructure systems.

The CrashOverRide malware can control electrical substation switches and circuit breakers developed decades ago, allowing an attacker to simply disable power distribution, thereby causing cascading power outages. It is even possible to cause irreparable damage to the control equipment itself.

The industrial malicious code is a backdoor that first installs four payload components to manage switches and circuit breakers. Next, the worm connects to a remote control server to receive commands from the intruders.

As experts from ESET say, “CrashOverRide payloads demonstrate the deep knowledge of their developers in organizing the management of industrial systems. Besides, the malware carries a number of additional functions, allowing it to hide from antivirus scanners and remove all traces of its interference in the computer system. To date, there are only four virus programs targeting industrial control systems. These are the infamous Stuxnet, Havex, BlackEnergy and now, it turns out, CrashOverRide. But unlike Havex and BlackEnergy, which are designed for industrial espionage, CrashOverRide, like Stuxnet, is a program for sabotage.”

The Dragos company says almost the same thing about the new worm: “The functions and structure of CrashOverRide do not serve the purpose of industrial espionage. The only real feature of this malware is that it will attack control systems and cause electrical outages.”

Analysis of the new malware suggests that CrashOverRide, if fully operational, could lead to power outages much more widespread than those that occurred in December 2016 in Ukraine.

The malware includes interchangeable, plug-in components that could allow CrashOverRide to use a wide range of power management utilities or even launch simultaneous attacks against multiple targets. Moreover, depending on the additional modules connected to the virus, it can also be used to attack other infrastructure, such as transport, gas pipelines or even hydroelectric power plants.

Analyzing the CrashOverRide program code, experts came to the conclusion that the virus was most likely developed by a hacker group from Russia, which at one time created the Sandworm worm.

NIGHTMARE SCENARIO FOR THE USA

Just a few weeks ago, literally millions of computers around the world were suddenly attacked by the "WannaCry" computer worm developed by the US National Security Agency. This malware locked servers and workstations, demanding that infected users pay the attackers $300 within a few days, or the price automatically increased to $600. If the money never arrived in the attacker’s account, all information on the disks of the infected computer was completely destroyed.

The nightmare scenario is a combination of Industroyer/CrashOverRide with a ransom module like the one used in WannaCry. If this malware infects control systems, the first thing their operators will face is that they will not be able to gain access to any switches or system transformers because they will have to pay a ransom for access.

Since the power grid personnel physically control both the transformers and all the large switches, they can do without the ransom. But the problem is that the virus will destroy the factory firmware in each of these devices, and it will take at least a month to replace everything everywhere. A MONTH, during which half, if not all, of the US will sit in the dark and without electricity! What exactly will YOU do if there is no light in your house for 30 days?
