In the first of a new series in which FTI Consulting experts answer timely questions about matters affecting business, FTI's Head of Cybersecurity, Anthony J. Ferrante, offers insight about Reaper, a malware that can lie dormant in corporate computer systems.
You should very much fear the Reaper, just as you should fear the possibility of any malware infecting your computer system — even if your system shows no obvious signs of infection.
To understand the risk of Reaper, let’s first define some terms. Malware is an umbrella term that encompasses harmful software. Some malware strikes immediately and seizes control of a computer system. Other malware lies dormant without detection, creating vulnerabilities in a system that can be exploited later.
Reaper lies dormant. First spotted by researchers at an Israeli security firm in October 2017, it seeks out devices connected to the Internet of Things (IoT) to gain access to larger computer systems. It then recruits those devices to a network called a “botnet.” Botnets are capable of stealing data, sending spam, and performing countless destructive actions that can slow down or even upend an organization’s operations.
The rise of Reaper has eerily mirrored an earlier malware called Mirai, which crashed 900,000 routers in November 2016. In fact, much of Reaper has been built off of Mirai. But unlike its predecessor, Reaper uses a more efficient process to attempt to penetrate a network. It pokes and pries at devices until it finds a way in, and then it spreads by sending malicious code to different devices. So far, Reaper has infected an estimated 60 percent of Israeli IoT networks. In the US, Reaper has the potential to reach as many as two million devices.
What’s most concerning for organizations, however, is the fact that Reaper may have already impacted network devices without any indication of attack.
The best way to protect your organization is to remain vigilant and maintain a proactive strategy. IT services should check to make sure that their networks aren’t part of the vulnerability problem. There are specific security patches available through vendors, along with indicators of compromise and the location of various Reaper control networks that your security professionals should track.
Because so many IoT devices are in the hands of employees, those devices are particularly vulnerable to Reaper. Employees may not update their device firmware, or they may miss notifications from vendors. Furthermore, these updates can be difficult to install and, if not done properly, can result in faulty service that offers little to no protection.
Thus, frequent and standardized outreach to all employees that emphasizes the need to update devices is imperative. And, if possible, an IT expert must confirm device management is done properly.
Anthony J. Ferrante is Senior Managing Director and Head of Cybersecurity in FTI Consulting’s Global Risk & Investigation Practice. He is the former Director for Cyber Incident Response at the U.S. National Security Council and the former Chief of Staff of the Federal Bureau of Investigation’s Cyber Division.