A new virus turns Apple computers into bricks. Everyone, everyone, everyone!! reaper: a new virus that will bring down the entire global Internet A new virus that will bring down the entire global Internet

A MASSIVE botnet that has been accumulating over the past few weeks threatens to destroy the Internet, Israeli cybersecurity experts warn.

Botnet (Eng. Botnet, MFA:; comes from the words robot and network) - a computer network consisting of a certain number of hosts, with running bots - autonomous software. Most often, a bot in a botnet is a program that is hidden on devices and allowed to be accessed by an attacker. Usually used for illegal or unapproved activities - sending spam, brute force passwords on a remote system, denial of service attacks (DoS and DDoS attacks).

The new botnet uses all sorts of devices, including WiFi routers and webcams. Once hacked, they will collectively send bursts of data to the servers that power the Internet, causing them to crash and eventually go offline.

Around the same time last year, there was a similar attack caused by the Mirai botnet that shut down the Internet on almost the entire East Coast of the United States.

Now, however, Israeli security researchers at Check Point have discovered what they call an entirely new and more sophisticated botnet whose full activity could unleash a cyberstorm.

A blog post published in Check Point Research reads:

“While we estimate that worldwide, including the US, Australia and certain areas in between, more than a million organizations have already been affected. And their number is only increasing. Our research indicates that we are currently experiencing a period of calm ahead of a very large storm. The next cyber hurricane is coming soon."

Thus, it turns out that the botnet, called Reaper by Israeli specialists, has already infected the networks of at least a million companies. The number of infected devices and computers can no longer be determined.

Using the Check Point Intrusion Prevention System (IPS), researchers have noticed that hackers are increasingly trying to exploit a combination of vulnerabilities found in various smart gadgets. This is their data received during September.

And every day, malware finds more and more vulnerabilities in devices. This is especially true for wireless IP cameras such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others.

It became apparent that the attack attempts came from different sources and different devices, which meant that the attack was propagated by the devices themselves.

One tech site, assessing the threat, warns that this "reaper" will mow down the entire Internet.

Check Point says that while we experience the “calm before the storm,” companies should start preparing early for a Distributed Denial of Service (DDoS) attack that could potentially lock up resources.

DDoS attacks were made famous by the Lizard Squad, a cyber gang that entered the PlayStation Network during Christmas 2014. They involve flooding websites or other targets with overloaded traffic, causing them to collapse. Therefore, security experts of all firms and companies are invited not only to scan their networks, but also to preventively disable the maximum number of gadgets, considering them as infected.

Private device owners are encouraged to do the same, although the only thing non-specialists may notice for themselves is slower connection speeds, especially over Wi-Fi.

Last December, a cyber-attack on Ukraine's electricity grid led to power outages in the northern part of Kyiv, the country's capital, and surrounding areas. But only now, computer security experts have been able to find the culprit behind these cyberattacks on Ukrainian industrial control systems.

Dragos Inc., a Slovak-based antivirus software developer and critical infrastructure protection company, ESET. said they had discovered a dangerous new malware that targets critical industrial control systems and is capable of causing power outages.

In a December 2016 cyber attack against the Ukrainian power grid Ukrenergo, the Industroyer or CrashOverRide (Industroyer/CrashOverRide) worm was used. This is a new, very advanced malware for power grid sabotage. According to computer security experts, CrashOverRide is by far the biggest threat to industrial control systems since Stuxnet, the first malware allegedly developed by the US and Israel to sabotage Iranian nuclear facilities in 2009.

Unlike the Stuxnet worm, CrashOverRide does not exploit zero-day software vulnerabilities to carry out its malicious activities. Instead, it relies on four industrial communications protocols used worldwide in power infrastructure, traffic control systems, and other critical infrastructure systems.

The CrashOverRide malware can control decades-old electrical substation switches and circuit breakers, allowing an attacker to simply turn off power distribution, causing cascading power outages. It may even cause irreparable damage to the control equipment itself.

The industrial malware is a backdoor that first installs four payload components to control switches and circuit breakers. Next, the worm connects to a remote control server to receive commands from intruders.

According to experts from ESET, “CrashOverRide payloads show their developers' deep knowledge in the organization of industrial systems management. In addition, the malware has a number of additional features that allow it to hide from antivirus scanners and remove all traces of its intervention in the computer system. To date, there are only four virus programs that target industrial control systems. It's the infamous Stuxnet, Havex, BlackEnergy and now it's CrashOverRide. But unlike Havex and BlackEnergy, which are designed for industrial espionage, CrashOverRide, like Stuxnet, is a sabotage program.”

Dragos says almost the same about the new worm: “The functions and structure of CrashOverRide do not serve the purpose of industrial espionage. The only real feature of this malware is an attack on control systems that will lead to electrical outages.”

An analysis of the new malware suggests that CrashOverRide, if kept running at full capacity, could cause power outages far more global than those experienced in December 2016 in Ukraine.

The malware includes interchangeable, pluggable components that could allow CrashOverRide to use a wide range of power management utilities or even launch simultaneous attacks against multiple targets. Moreover, depending on the additional modules connected to the virus, it can also be used to strike other infrastructures, such as transport, gas pipelines, or even hydroelectric power plants.

Analyzing the program code of CrashOverRide, the experts came to the conclusion that most likely the virus was developed by a hacker group from Russia, which at one time created the Sandworm worm.

US NIGHTMARE SCENARIO

Just a few weeks ago, literally millions of computers around the world were suddenly attacked by the "WannaCry" computer worm, developed by the US National Security Agency. This malware blocked servers and workstations, requiring infected users to pay $300 to the attackers within a few days. Or the price automatically increased to $600. If the money was never credited to the attacker's account, all information on the disks of the infected computer was completely destroyed.

Nightmare Scenario is an Industroyer/CrashOverRide pairing with a "buyout" module like the one used in Wannacry. If this malware infects control systems, then the first thing their operators will face is that they will not be able to access any switch or system transformer because a ransom will have to be paid for access.

Because the power grid personnel have physical control over both the transformers and all the big circuit breakers, they can do without a ransom. But the problem is that the virus will destroy the factory firmware in each of these devices, and it will take at least a month to change everything everywhere. MONTH that half if not all of the US will sit in the dark and without electricity! What exactly will YOU do if there is no electricity in your house for 30 days?

A MASSIVE botnet that has been accumulating over the course of

the last few weeks, threatens to destroy the Internet, warn
Israeli cybersecurity experts.

Botnet (Eng. Botnet, MPA:; comes from the words robot and
network) - a computer network consisting of a certain number of
hosts running bots - standalone software. More often
a total bot in a botnet is a program that is hidden on
devices and permission to the attacker. Usually used for
illegal or unapproved activities - spamming, brute force
passwords on a remote system, denial of service attacks (DoS and DDoS
attacks).

WiFi routers and webcams. After breaking they will be together
send bursts of data to the servers that run the Internet,
which will cause them to fail and eventually go offline.

Around the same time last year, there was a similar attack caused by
botnet Mirai - she turned off the Internet in almost all of Eastern
US coast.

However, now Israeli security researchers from Check Point
discovered what they called brand new and more complex
botnet, the full activity of which can cause real
cyber hurricane.

“While we are evaluating that around the world, including the US, Australia and
certain areas in between are already affected by more than a million
organizations. And their number is only increasing. Our research
indicate that we are currently experiencing a period of calm before
very big storm. The next cyber hurricane is coming soon."

Thus it turns out that the botnet, called Israeli
Reaper specialists (reaper), has already infected the networks of at least a million
companies. The number of infected devices and computers is no longer amenable to
definition.

Using the Check Point Intrusion Prevention System (IPS)
researchers have noticed that hackers are increasingly trying to
exploit a combination of vulnerabilities found in various
smart gadgets. This is their data received during September.

And every day more and more malware finds
vulnerabilities in devices. This is especially true for wireless IP cameras,
such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys,
Synology and others.

It became clear that the attack attempts came from various sources and
various devices, which meant that the attack was distributed by
devices.

One tech site, assessing the threat, warns that this "reaper" will mow down the entire Internet.

Check Point reports that while we are experiencing "calm before
storm” companies should start preparing for an attack in advance with
distributed denial of service (DDoS), which could potentially
block resources.

DDoS attacks became famous thanks to the Lizard Squad team,
cyber gang that entered the PlayStation Network during Christmas 2014
of the year. They suggest flooding websites or other targets
overload traffic, which causes them to collapse. Therefore, the experts
security of all firms and companies are invited not just to scan
own networks, but also preventively disable the maximum number of
gadgets, treating them as infected.

Private device owners are encouraged to do the same, though
the only thing that non-specialists can notice for themselves is more
slow connection speeds, especially over Wi-Fi.

======================================== =

Rows of powerful botnets for IoT devices (Internet of
Things, IoT) continue to grow. Recently, a new
botnet competitor Mirai and Necurs, called IoT_reaper, with
mid-September grew to gigantic proportions. Estimated
researchers from Qihoo 360 Netlab and Check Point are currently
Currently, the botnet includes about 2 million devices. Mainly
IP cameras, IP network video recorders and digital video recorders.

With the development of the Internet of things (IoT), viruses begin to multiply, with
which can damage the electronics. And the very essence
IoT involves the presence of many connected devices. For botnets
this is a great "habitat": after infecting one device, the virus copies
yourself on all available devices.

At the end of last year, the world learned about the giant (almost 5 million devices)
botnet consisting of routers. Faced with hacking routers and
German telecom giant Deutsche Telekom, whose user
devices were infected with a malware called Mirai. Network
the matter was not limited to equipment: security problems were
found in Miele smart dishwashers and AGA cookers. "Cherry
on the cake" was the BrickerBot malware, which, unlike its "colleagues", does not
simply infected vulnerable devices, and completely disabled them.

The presence on the home network of a poorly configured or containing
IoT device vulnerabilities can lead to dire consequences.
One of the most common scenarios is to turn on the device in
botnet. This is perhaps the most harmless option for its owner, others
use cases are more dangerous. So, devices from the home network
can be used as an intermediate for making
illegal actions. In addition, an attacker who gained access to
IoT device can spy on its owner for the purpose of subsequent
blackmail - history already knows similar incidents. In the end (and this
far from the worst case scenario) the infected device can be
is simply broken.

Previously, Kaspersky Lab specialists conducted an experiment
setting up several traps ("honeypots") that imitated various
smart devices. The first attempts of unauthorized connection to them
experts recorded in a few seconds.

Several tens of thousands of appeals were registered per day.
Among the devices, attacks from which experts observed, more than 63% can be
identify as IP cameras. About 16% were various network
devices and routers. Another 1% fell on Wi-Fi repeaters,
TV set-top boxes, IP telephony devices, Tor exit nodes, printers,
smart home devices. The remaining 20% ​​of devices cannot be unambiguously identified
managed.

Looking at the geographic location of devices, with
IP addresses which experts have seen attacks on honeypots can be observed
the following picture: the top 3 countries included China (14% of attacking devices),
Vietnam (12%) and Russia (7%).

The reason for the increase in the number of such attacks is simple: the Internet of things today
practically not protected from cyber threats. The vast majority of devices
runs on Linux, which makes life easier for criminals: they can write
one piece of malware that will be effective against a large
number of devices. In addition, most IoT gadgets do not have
no security solutions, and manufacturers rarely release updates
security and new firmware.

Recently it became known about the emergence of a new IoT_reaper botnet, which
since mid-September has spread to about 2 million devices,
reported in a study by Qihoo 360 Netlab and Check Point.

According to the researchers, the malware code used to
creating a botnet, includes snippets of Mirai code, but contains
a number of new features that distinguish Reaper from competitors. Its main difference
lies in the distribution method. If Mirai is looking for open
Telnet ports and tries to compromise the device using a list
common or weak passwords, Reaper looks for vulnerabilities
which, in the long run, make it possible to infect a larger number of
devices.

According to Qihoo 360 Netlab, malware includes an environment for
implementation of scripts in the Lua language, which allows operators to
add modules for different tasks, e.g. DDoS attacks, redirects
traffic, etc.

Check Point experts believe that Reaper may for some time
paralyze the internet. "According to our estimates, more than a million
organizations have already been affected by Reaper's actions. Now we are experiencing
calm before a big storm. The cyberstorm is coming soon
Internet," Check Point said in a statement.

Among the infected devices are wireless IP cameras from GoAhead,
D-Link, AVTech, Netgear, MikroTik, Linksys, Synology and others.
Some companies have already released patches that fix most
vulnerabilities. But consumers don't have the habit of installing updates
security for devices.

A MASSIVE botnet that has been accumulating over the past few weeks threatens to destroy the Internet, Israeli cybersecurity experts warn.

Botnet (eng. Botnet, MPA:; derived from the words robot and network) is a computer network consisting of a certain number of hosts, with running bots - autonomous software. Most often, a bot in a botnet is a program that is hidden on devices and allowed to be accessed by an attacker. Usually used for illegal or unapproved activities - sending spam, brute force passwords on a remote system, denial of service attacks (DoS and DDoS attacks).

The new botnet uses all sorts of devices, including WiFi routers and webcams. Once hacked, they will collectively send bursts of data to the servers that power the Internet, causing them to crash and eventually go offline.

Around the same time last year, there was a similar attack caused by the Mirai botnet that shut down the Internet on almost the entire East Coast of the United States.

Now, however, Israeli security researchers at Check Point have discovered what they call an entirely new and more sophisticated botnet whose full activity could unleash a cyberstorm.

“While we estimate that worldwide, including the US, Australia and certain areas in between, more than a million organizations have already been affected. And their number is only increasing. Our research indicates that we are currently experiencing a period of calm ahead of a very large storm. The next cyber hurricane is coming soon."

Thus, it turns out that the botnet, called Reaper by Israeli specialists, has already infected the networks of at least a million companies. The number of infected devices and computers can no longer be determined.

Using the Check Point Intrusion Prevention System (IPS), researchers have noticed that hackers are increasingly trying to exploit a combination of vulnerabilities found in various smart gadgets. This is their data received during September.

And every day, malware finds more and more vulnerabilities in devices. This is especially true for wireless IP cameras such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others.

It became apparent that the attack attempts came from different sources and different devices, which meant that the attack was propagated by the devices themselves.

One tech site, assessing the threat, warns that this "reaper" will mow down the entire Internet.

Check Point says that while we experience the “calm before the storm,” companies should start preparing early for a Distributed Denial of Service (DDoS) attack that could potentially lock up resources.

DDoS attacks were made famous by the Lizard Squad, a cyber gang that entered the PlayStation Network during Christmas 2014. They involve flooding websites or other targets with overloaded traffic, causing them to collapse. Therefore, security experts of all firms and companies are invited not only to scan their networks, but also to preventively disable the maximum number of gadgets, considering them as infected.

Private device owners are encouraged to do the same, although the only thing non-specialists may notice for themselves is slower connection speeds, especially over Wi-Fi.

A cyberstorm is coming that can "break" the Internet

The number of powerful botnets for Internet of Things (IoT) devices continues to grow. Recently, a new competitor to the Mirai and Necurs botnets, called IoT_reaper, has been spotted on the network and has grown to gigantic proportions since mid-September. According to researchers from Qihoo 360 Netlab and Check Point, the botnet currently includes about 2 million devices. These are mainly IP cameras, IP network video recorders and digital video recorders.

With the development of the Internet of things (IoT), viruses begin to multiply, with the help of which you can disable electronics. Moreover, the very essence of IoT implies the presence of many connected devices. For botnets, this is an excellent "habitat": after infecting one device, the virus copies itself to all available devices.

At the end of last year, the world learned about a giant (almost 5 million devices) botnet consisting of routers. German telecom giant Deutsche Telekom also faced hacking routers, whose user devices were infected with malware called Mirai. The matter was not limited to network equipment: security problems were found in Miele "smart" dishwashers and AGA cookers. The "icing on the cake" was the BrickerBot malware, which, unlike its "colleagues", not only infected vulnerable devices, but completely disabled them.

Having a poorly configured or vulnerable IoT device on your home network can have dire consequences. One of the most common scenarios is the inclusion of a device in a botnet. This is perhaps the most innocuous option for its owner, other uses are more dangerous. Thus, devices from the home network can be used as an intermediate link for illegal activities. In addition, an attacker who has gained access to an IoT device can spy on its owner for the purpose of subsequent blackmail – history already knows such incidents. In the end (and this is by no means the worst case scenario), the infected device may simply be broken.

Previously, Kaspersky Lab specialists conducted an experiment by setting up several traps ("honeypots") that imitated various "smart" devices. Experts recorded the first attempts of unauthorized connection to them in a few seconds.

Several tens of thousands of appeals were registered per day. Among the devices from which attacks were observed by experts, more than 63% can be identified as IP cameras. About 16% were various network devices and routers. Another 1% came from Wi-Fi repeaters, set-top boxes, IP telephony devices, Tor output nodes, printers, smart home devices. The remaining 20% ​​of the devices could not be unambiguously identified.

If you look at the geographic location of devices from whose IP addresses experts have seen attacks on honeypots, you can see the following picture: the top 3 countries included China (14% of attacking devices), Vietnam (12%) and Russia (7%).

The reason for the increase in the number of such attacks is simple: the Internet of things today is practically not protected from cyber threats. The vast majority of devices run on Linux, which makes life easier for criminals: they can write one piece of malware that will be effective against a large number of devices. In addition, most IoT gadgets do not have any security solutions, and manufacturers rarely release security updates and new firmware.

Recently it became known about the emergence of a new IoT_reaper botnet, which has spread to about 2 million devices since mid-September, according to a study by Qihoo 360 Netlab and Check Point.

According to the researchers, the malware code used to create the botnet includes snippets of the Mirai code, but contains a number of new features that distinguish Reaper from competitors. Its main difference lies in the distribution method. Whereas Mirai looks for open Telnet ports and attempts to compromise a device using a list of common or weak passwords, Reaper looks for vulnerabilities that could potentially infect more devices.

According to Qihoo 360 Netlab, the malware includes a Lua scripting environment, which allows operators to add modules for various tasks, such as DDoS attacks, traffic redirection, etc.

Check Point experts believe that Reaper can paralyze the Internet for a while. "We estimate that more than a million organizations have already been affected by the actions of Reaper. We are now experiencing the calm before a major storm. The cyberstorm will soon overtake the Internet," Check Point said in a statement.

Among the infected devices are wireless IP cameras from GoAhead, D-Link, AVTech, Netgear, MikroTik, Linksys, Synology and others. Some companies have already released patches that fix most of the vulnerabilities. But consumers are not in the habit of installing security updates for devices.

A MASSIVE botnet that has been accumulating over the past few weeks threatens to destroy the Internet, Israeli cybersecurity experts warn.

Botnet (Eng. Botnet, MFA:; comes from the words robot and network) - a computer network consisting of a certain number of hosts, with running bots - autonomous software. Most often, a bot in a botnet is a program that is hidden on devices and allowed to be accessed by an attacker. Usually used for illegal or unapproved activities - sending spam, brute force passwords on a remote system, denial of service attacks (DoS and DDoS attacks).

The new botnet uses all sorts of devices, including WiFi routers and webcams. Once hacked, they will collectively send bursts of data to the servers that power the Internet, causing them to crash and eventually go offline.

Around the same time last year, there was a similar attack caused by the Mirai botnet that shut down the Internet on almost the entire East Coast of the United States.

Now, however, Israeli security researchers at Check Point have discovered what they call an entirely new and more sophisticated botnet whose full activity could unleash a cyberstorm.

"While we estimate that worldwide, including the US, Australia and certain areas in between, more than a million organizations have already been affected. And the number is only increasing. Our research indicates that we are currently experiencing a period of calm before a very big storm. Next the cyber hurricane is coming soon."

Thus, it turns out that the botnet, called Reaper by Israeli specialists, has already infected the networks of at least a million companies. The number of infected devices and computers can no longer be determined.

Using the Check Point Intrusion Prevention System (IPS), researchers have noticed that hackers are increasingly trying to exploit a combination of vulnerabilities found in various smart gadgets. This is their data received during September.

And every day, malware finds more and more vulnerabilities in devices. This is especially true for wireless IP cameras such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others.

It became apparent that the attack attempts came from different sources and different devices, which meant that the attack was propagated by the devices themselves.

One tech site, assessing the threat, warns that this “reaper will mow down the entire Internet.

Check Point says that while we experience the calm before the storm, companies should start preparing early for a Distributed Denial of Service (DDoS) attack that could potentially lock up resources.

DDoS attacks were made famous by the Lizard Squad, a cyber gang that entered the PlayStation Network during Christmas 2014. They involve flooding websites or other targets with overloaded traffic, causing them to collapse. Therefore, security experts of all firms and companies are invited not only to scan their networks, but also to preventively disable the maximum number of gadgets, considering them as infected.

Private device owners are encouraged to do the same, although the only thing that non-specialists may notice for themselves is slower connection speeds, especially over Wi-Fi.

A cyberstorm is coming that can "break" the Internet

The number of powerful botnets for Internet of Things (IoT) devices continues to grow. Recently, a new competitor to the Mirai and Necurs botnets, called IoT_reaper, has been spotted on the network and has grown to gigantic proportions since mid-September. According to researchers from Qihoo 360 Netlab and Check Point, the botnet currently includes about 2 million devices. These are mainly IP cameras, IP network video recorders and digital video recorders.

With the development of the Internet of things (IoT), viruses begin to multiply, with the help of which you can disable electronics. Moreover, the very essence of IoT implies the presence of many connected devices. For botnets, this is an excellent "habitat": after infecting one device, the virus copies itself to all available devices.

At the end of last year, the world learned about a giant (almost 5 million devices) botnet consisting of routers. German telecom giant Deutsche Telekom also faced hacking routers, whose user devices were infected with malware called Mirai. The matter was not limited to network equipment: security problems were found in Miele "smart" dishwashers and AGA cookers. The "icing on the cake" was the BrickerBot malware, which, unlike its "colleagues", not only infected vulnerable devices, but completely disabled them.

Having a poorly configured or vulnerable IoT device on your home network can have dire consequences. One of the most common scenarios is the inclusion of a device in a botnet. This is perhaps the most innocuous option for its owner, other uses are more dangerous. Thus, devices from the home network can be used as an intermediate link for illegal activities. In addition, an attacker who has gained access to an IoT device can spy on its owner for the purpose of subsequent blackmail - history already knows such incidents. In the end (and this is by no means the worst case scenario), the infected device may simply be broken.

Previously, Kaspersky Lab specialists conducted an experiment by setting up several traps ("honeypots") that imitated various "smart" devices. Experts recorded the first attempts of unauthorized connection to them in a few seconds.

Several tens of thousands of appeals were registered per day. Among the devices from which attacks were observed by experts, more than 63% can be identified as IP cameras. About 16% were various network devices and routers. Another 1% came from Wi-Fi repeaters, set-top boxes, IP telephony devices, Tor output nodes, printers, smart home devices. The remaining 20% ​​of the devices could not be unambiguously identified.

If you look at the geographic location of devices from whose IP addresses experts have seen attacks on honeypots, you can see the following picture: the top 3 countries included China (14% of attacking devices), Vietnam (12%) and Russia (7%).

The reason for the increase in the number of such attacks is simple: the Internet of things today is practically not protected from cyber threats. The vast majority of devices run on Linux, which makes life easier for criminals: they can write one piece of malware that will be effective against a large number of devices. In addition, most IoT gadgets do not have any security solutions, and manufacturers rarely release security updates and new firmware.

Recently it became known about the emergence of a new IoT_reaper botnet, which has spread to about 2 million devices since mid-September, according to a study by Qihoo 360 Netlab and Check Point.

According to the researchers, the malware code used to create the botnet includes snippets of the Mirai code, but contains a number of new features that distinguish Reaper from competitors. Its main difference lies in the distribution method. Whereas Mirai looks for open Telnet ports and attempts to compromise a device using a list of common or weak passwords, Reaper looks for vulnerabilities that could potentially infect more devices.

According to Qihoo 360 Netlab, the malware includes a Lua scripting environment, which allows operators to add modules for various tasks, such as DDoS attacks, traffic redirection, etc.

Check Point experts believe that Reaper can paralyze the Internet for a while. "We estimate that more than a million organizations have already been affected by the actions of Reaper. We are now experiencing the calm before a major storm. The cyberstorm will soon overtake the Internet," Check Point said in a statement.