A new variant of the infamous Mirai Internet of Things botnet has been discovered by security researchers. The botnet targets embedded devices used in business environments in order to gain control of larger bandwidth and perform severe DDoS attacks.
Variants of this IoT malware, such as Satori and Okiru, keep appearing because its source code has been available on the Internet since 2016. The original creators of Mirai, however, have been jailed.
Mirai first appeared in 2016 and can infect routers, security cameras, DVRs, and other smart devices that normally use default credentials and run outdated versions of Linux. The compromised devices are made to form a botnet, which is then used to perform DDoS attacks.
New Mirai Variant Targets Enterprise IoT Devices
Researchers at Palo Alto Networks Unit 42 have found a new variant of Mirai that targets enterprise-focused devices for the first time. The targets include WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs.
The Mirai variant adds 11 new exploits to its “multi-exploit battery,” along with a new set of “unusual default credentials” to use in brute-force attacks against Internet-connected devices.
According to a blog post by the researchers, targeting enterprise links also gives the botnet access to larger bandwidth, ultimately resulting in greater firepower for DDoS attacks.
A remote code execution exploit for LG Supersign TVs (CVE-2018-17173) was made available in September last year, and attack code exploiting a command-injection vulnerability in the WePresent WiPG-1000 was published in 2017.
Besides these two exploits, the new Mirai variant also targets various embedded hardware, such as:
- Linksys routers
- ZTE routers
- D-Link routers
- Network Storage Devices
- NVRs and IP cameras
After finding a vulnerable device, the malware fetches the new Mirai payload from a compromised website and downloads it onto the target device. The device is then added to the botnet and is ultimately used to launch HTTP Flood DDoS attacks.
Mirai is the botnet that was responsible for some famous DDoS attacks, such as those against France-based hosting provider OVH and the Dyn DNS service that crippled some of the world’s biggest sites, including Twitter, Netflix, Amazon, and Spotify.
Enterprises should be aware of the IoT devices on their networks, change default passwords, and make sure that devices are fully up to date on patches.