Mirai clone adds a dozen new exploits to target enterprise IoT devices

Researchers have discovered a new clone of the well-known Mirai botnet, which focuses on IoT devices. This time, embedded devices designed for use in business environments are at risk. The attackers' ultimate goal is to take control of devices with substantial bandwidth and carry out large-scale DDoS attacks.

Remark:
At the time of writing the translation, I did not know that Habré already had a similar article.

The authors of the original Mirai have already been arrested, but the availability of its source code, published in 2016, allows new attackers to create their own botnets based on it. Examples include Satori and Okiru.

The original Mirai appeared in 2016. It infected routers, IP cameras, DVRs, and other devices that often have a default password, as well as devices running outdated versions of Linux.

New Mirai variant designed for enterprise devices

The new botnet was discovered by the Unit 42 research team at Palo Alto Networks. It differs from other clones in that it is designed for corporate devices, including WePresent WiPG-1000 wireless presentation systems and LG Supersign TVs.

The remote code execution exploit for LG Supersign TVs (CVE-2018-17173) was made available last September, and the one for WePresent WiPG-1000 was published in 2017. In total, the bot is equipped with 27 exploits, of which 11 are new. The set of “unusual default credentials” used for dictionary attacks has also been expanded. The new Mirai variant also targets various embedded hardware such as:

  • Linksys Routers
  • Routers
  • DLink routers
  • Network storage devices
  • NVR and IP cameras

“These new features give the botnet a larger attack surface,” researchers at Unit 42 wrote in a blog post. “In particular, focusing on corporate communication channels allows it to capture more bandwidth, which ultimately leads to an increase in the firepower of a botnet for DDoS attacks.”

This incident highlights the need for enterprises to control the IoT devices on their network, to properly configure security, and to update regularly.

Source: habr.com
