Infected connected objects, Wi-Fi flaws and evolving ransomware: we take a look at recent major events in cybersecurity
03 11 2017
Cyberattacks can strike at any time. Here's an overview of various attacks that have hit the headlines this autumn – everything from Bad Rabbit and IoT_reaper to KrackAttacks.
IoT_reaper: connected objects still under fire
First detected on 13 September by security researchers, IoT_reaper appears to be a distant cousin of Mirai, the malware botnet that made a name for itself back in 2016. It targets manufacturers of connected objects, such as wireless IP cameras and routers. And its consequences are a network of infected connected objects – more than two million devices, according to some reports.
— McAfee (@McAfee) 28 octobre 2017
Like Mirai, IoT_reaper can infect connected objects, before using its new infected victims to spread further. And this attack seems to exploit a wide range of vulnerabilities – including Dlink, JAWS and Vacron – which are integrated into the malware and above all updated on a regular basis by its authors.
Want to know more about Botnets? Our experts dissected one on their autopsy table and detailed the experience in our blog.
KrackAttacks: Wi-Fi at the heart of all the upheaval
This new vulnerability was discovered on 16 October by Mathy Vanhoef, a Belgian researcher, and is a weakness in WPA2 – the protocol which encrypts all data sent between Wi-Fi access points and end users.
It affects people all over the world. Via Wi-Fi networks – including yours – your data is therefore vulnerable to pirating – everything from your emails to your online banking details are at risk.
Since this weakness was first discovered, significant numbers of patches have been deployed to protect all Wi-Fi equipment which uses the WPA2 protocol. But keep a watchful eye over your connected objects, whose maintenance requirements and vulnerabilities are not all the same.
Bad Rabbit: much ado about almost nothing?
Since the middle of the night on 24 October, Bad Rabbit has attacked systems in Russia and the Ukraine, before spreading to Turkey, Bulgaria and Germany. Following on from WannaCry and NotPetya, people are now talking about a third massive ransomware attack in Europe. A virus that is distributed by bogus webpages, and which asks you to install a bogus update to Adobe Flash Player. Then once it's installed, it automatically spreads across your network, locking you out of your data and asking you for 0.05 bitcoins (around US$283) as ransom.
— Joseph Cox (@josephfcox) 24 octobre 2017
Although it is tied to NotPetya, Bad Rabbit is actually slightly different: it uses the EternalRomance exploit to spread, rather than EternalBlue. It also requires human interaction to install itself, in addition to this exploit. Or it creates an entry for itself using brute force applied to usernames, drawing on a list of default passwords.
— JR (@JR0driguezB) 24 octobre 2017
So first and foremost, Bad Rabbit would appear to be an attack on the common sense of cyber protection. As numbers of cyber-attacks continue to rise, you should warn your employees about fishing, and make sure that you keep your operating systems and applications up-to-date. Good practices which are all the more justified here since the vulnerability exploited by EternalRomance was corrected at the same time as the vulnerability used by WannaCry and NotPetya (patch MS17-010). And a policy that involves strong passwords for your users and administrator accounts is still one of the most important steps in keeping your company safe.