Mirai clone adds a dozen new exploits to target enterprise IoT devices
Researchers have discovered a new clone of the well-known Mirai botnet, which focuses on IoT devices. This time, embedded devices designed for use in business environments are at risk. The attackers' ultimate goal is to take control of devices with bandwidth and use them to conduct large-scale DDoS attacks.
The authors of the original Mirai have already been arrested, but the availability of its source code, published in 2016, allows new attackers to create their own botnets based on it. Examples include Satori and Okiru.
The original Mirai appeared in 2016. It infected routers, IP cameras, DVRs, and other devices that often have a default password, as well as devices running outdated versions of Linux.
New Mirai variant designed for enterprise devices
The new botnet was discovered by researchers from Unit 42 at Palo Alto Networks. It differs from other clones in that it is designed for corporate devices, including WePresent WiPG-1000 wireless presentation systems and LG Supersign TVs.
The remote code execution exploit for LG Supersign TVs (CVE-2018-17173) was made available last September, and the one for WePresent WiPG-1000 was published in 2017. In total, the bot is equipped with 27 exploits, of which 11 are new. The set of "unusual default credentials" has also been expanded for use in dictionary attacks. The new Mirai variant also targets various embedded hardware such as:
Linksys Routers
Routers
DLink routers
Network storage devices
NVR and IP cameras
"These new features give the botnet a larger attack surface," researchers at Unit 42 wrote in a blog post. "In particular, focusing on corporate communication channels allows it to capture more bandwidth, which ultimately leads to an increase in the firepower of a botnet for DDoS attacks."
This incident highlights the need for enterprises to control the IoT devices on their network, to properly configure security, and to update regularly.