A new cyber threat targeting Internet-connected devices is spreading rapidly and could enable hackers to access users’ data or use their devices for criminal activities, the Singapore Computer Emergency Response Team (SingCERT) warned on Sunday (October 22).
The threat, which resembles last year’s widespread Dyn attack, one of the largest DDoS (distributed denial-of-service) attacks so far, has reportedly infected nearly two million devices around the world. The number is “actively growing”, said SingCERT. “As the threat continues to grow, it could cause devastating effects through DDOS attacks as seen in the Dyn incident.”
Last October, a large scale DDoS attack hit United-States-based Domain Name Services (DNS) service provider Dyn, taking out many popular websites including Twitter, Netflix and PayPal.
The malware had also used Internet-connected devices, such as webcams, to carry out the attack.
This time round, the threat, known as the Reaper malware, exploits “known vulnerabilities in devices”, noted SingCERT, which is under the Cyber Security Agency (CSA).
This means that it will actively seek out vulnerable devices that are unpatched and infect them.
Devices that are reported to be vulnerable include D-Link, Netgear and Linksys routers, and web cameras from AVTECH, JAWS and Goahead, according to the SingCERT alert. The list is set to grow, with the malware evolving to target more types of devices.
If compromised by the Reaper malware, hackers could take control of the devices.
“This means the hacker can potentially access the content in the device, including any personal or sensitive data that is within the system, for example data in CCTV/IPcam feeds, or sensitive photos and documents in storage devices,” said SingCERT.
“The compromised device would also likely become part of a botnet infrastructure and may be used for all kinds of malicious or criminal activities. The malware has been observed to be evolving to include more target devices, ranging from IP-based cameras, routers, storages devices to wi-fi points,” it said.
Users of Internet-connected devices must install software updates regularly, so the vulnerabilities are patched. They should also turn off remote access to these devices, in case hackers access them remotely.
Default generic passwords that come with such devices, which hackers can discover easily, should also be changed, said SingCERT.