Cyberattacks can strike at any time. Here's an overview of various attacks that have hit the headlines this autumn – everything from Bad Rabbit and IoT_reaper to KrackAttacks.

A paper based on research by our Threat Intelligence team.

 

IoT_reaper: connected objects still under fire

First detected on 13 September by security researchers, IoT_reaper appears to be a distant cousin of Mirai, the malware botnet that made a name for itself back in 2016. It targets manufacturers of connected objects, such as wireless IP cameras and routers. And its consequences are a network of infected connected objects – more than two million devices, according to some reports.

Like Mirai, IoT_reaper can infect connected objects, before using its new infected victims to spread further. And this attack seems to exploit a wide range of vulnerabilities – including Dlink, JAWS and Vacron – which are integrated into the malware and above all updated on a regular basis by its authors.

 

KrackAttacks: Wi-Fi at the heart of all the upheaval

This new vulnerability was discovered on 16 October by Mathy Vanhoef, a Belgian researcher, and is a weakness in WPA2 – the protocol which encrypts all data sent between Wi-Fi access points and end users.

It affects people all over the world. Via Wi-Fi networks – including yours – your data is therefore vulnerable to pirating – everything from your emails to your online banking details are at risk.

Since this weakness was first discovered, significant numbers of patches have been deployed to protect all Wi-Fi equipment which uses the WPA2 protocol. But keep a watchful eye over your connected objects, whose maintenance requirements and vulnerabilities are not all the same.

 

Bad Rabbit: much ado about almost nothing?

Since the middle of the night on 24 October, Bad Rabbit has attacked systems in Russia and the Ukraine, before spreading to Turkey, Bulgaria and Germany. Following on from WannaCry and NotPetya, people are now talking about a third massive ransomware attack in Europe. A virus that is distributed by bogus webpages, and which asks you to install a bogus update to Adobe Flash Player. Then once it's installed, it automatically spreads across your network, locking you out of your data and asking you for 0.05 bitcoins (around US$283) as ransom.

Although it is tied to NotPetya, Bad Rabbit is actually slightly different: it uses the EternalRomance exploit to spread, rather than EternalBlue. It also requires human interaction to install itself, in addition to this exploit. Or it creates an entry for itself using brute force applied to usernames, drawing on a list of default passwords.

So first and foremost, Bad Rabbit would appear to be an attack on the common sense of cyber protection. As numbers of cyber-attacks continue to rise, you should warn your employees about fishing, and make sure that you keep your operating systems and applications up-to-date. Good practices which are all the more justified here since the vulnerability exploited by EternalRomance was corrected at the same time as the vulnerability used by WannaCry and NotPetya (patch MS17-010). And a policy that involves strong passwords for your users and administrator accounts is still one of the most important steps in keeping your company safe.

Share on

[juiz_sps buttons="facebook, twitter, linkedin, mail"]
Our Threat Intelligence team has two key missions: to study cyber threats in order to understand them, and to continuously improve the protection offered by Stormshield products. The goal in each case is to contribute to the cybersecurity community's effort to address cyber threats.