SafeBreach Labs has updated the Hacker's Playbook™ with simulations for a new IoT-based set of attacks, called IoTroop, or Reaper.

Much like the Mirai attack, which used compromised IoT devices to bring down the DYN infrastructure in October 2016, this attack is currently spreading across millions of IoT devices. Once compromised, these devices can be used as attack vectors for further attacks.

Different from the Mirai attack, which used default usernames and passwords to access IoT devices, this IoTroop/Reaper attack instead exploits security weaknesses in various different devices - meaning that even if you have changed your default credentials, your devices may still be vulnerable.

SafeBreach recommends all industries and businesses simulate this attack to identify whether or not they have IoT devices in use that can be compromised, and later used for further attacks. As always, SafeBreach Labs will continue to monitor the situation, and develop new simulations as necessary.

To assess security control effectiveness against techniques involved in this IoT attack, the SafeBreach Breach and Attack Simulation Platform specifically tests the following endpoint and network security controls:

Playbook #1394 - Remote command execution

  • Network Controls - Are security controls in place to prevent remote exploitation of JAWS/1.0 web servers using command injection?

Playbook #1395 - Remote command execution

  • Network Controls - Are security controls in place to prevent remote exploitation of Netgear ReadyNAS using command injection?

Playbook #1396 - Remote command execution

  • Network Controls - Are security controls in place to prevent remote exploitation of Vacron NVR using command injection?

Playbook #1397 - Remote command execution

  • Network Controls - Are security controls in place to prevent remote exploitation of Netgear DGN routers using command injection?

Playbook #1398 - Remote command execution

  • Network Controls - Are security controls in place to prevent remote exploitation of Linksys E1500/E2500 routers using command injection?

Playbook #1399 - Remote command execution

  • Network Controls - Are security controls in place to prevent remote exploitation of Avtech DVR using command injection?

Playbook #1400 - Remote command execution

  • Network Controls - Are security controls in place to prevent remote exploitation of D-Link DIR-600/DIR-300 routers using command injection?

Playbook #1403 - Remote command execution

  • Network Controls - Are security controls in place to prevent remote exploitation of Wireless IP Camera (P2P) using command injection?

Playbook #1404 - Malware Transfer

  • Network Controls - Are security controls in place to prevent the transfer of the reaper IoT botnet between devices within your network?

Additional breach methods added recently include:

The Safebreach Hacker's Playbook™ of breach methods simulates these breach scenarios, and thousands more, without impacting users or infrastructure. Breach methods are constantly updated by SafeBreach Labs, our team of offensive security researchers, to help keep customers ahead of attacks.


Subscribe to blog post