Mirai Clone Adds Dozen New Exploits for Targeted Enterprise IoT Devices
- Transfer
Researchers have discovered a new clone of the well-known Mirai botnet focused on IoT devices. This time, embedded devices designed for use in business environments are at risk. The ultimate goal of attackers is to control devices with bandwidth and conduct large-scale DDoS attacks.
The original Mirai appeared in 2016. It infected routers, IP cameras, DVRs, and other devices that often have a default password, as well as devices using outdated linux versions.
A new version of Mirai is designed for corporate devices The
new botnet was discovered by a team of researchers Unit 42from the Palo Alto Network. Its difference from other clones is that it is designed for corporate devices, including WePresent WiPG-1000 wireless presentation systems and LG Supersign TVs.
The remote access execution exploit for LG Supersign TVs (CVE-2018-17173) was available last September. And for the WePresent WiPG-1000, was published in 2017. In total, the bot is endowed with 27 exloits, of which 11 are new. Also, the set of “unusual default credentials” for dictionary attacks has been expanded. The new Mirai variant also targets a variety of embedded hardware, such as:
Remark:The authors of the original Mirai have already been arrested, but the availability of source code published in 2016 allows new attackers to create their own botnets based on it. For example, Satory and Okiru .
At the time of writing the translation, I did not know that there was already a similar article on the hub .
The original Mirai appeared in 2016. It infected routers, IP cameras, DVRs, and other devices that often have a default password, as well as devices using outdated linux versions.
A new version of Mirai is designed for corporate devices The
new botnet was discovered by a team of researchers Unit 42from the Palo Alto Network. Its difference from other clones is that it is designed for corporate devices, including WePresent WiPG-1000 wireless presentation systems and LG Supersign TVs.
The remote access execution exploit for LG Supersign TVs (CVE-2018-17173) was available last September. And for the WePresent WiPG-1000, was published in 2017. In total, the bot is endowed with 27 exloits, of which 11 are new. Also, the set of “unusual default credentials” for dictionary attacks has been expanded. The new Mirai variant also targets a variety of embedded hardware, such as:
- Linksys Routers
- ZTE Routers
- DLink Routers
- Network storage devices
- NVR and IP cameras
“These new features give the botnet a great surface to attack,” Unit 42 researchers said on their blog. “In particular, the focus on corporate communication channels allows him to gain more bandwidth, which ultimately leads to an increase in the botnet’s firepower for DDoS attacks.”This incident emphasizes the need for enterprises to control IoT devices in their network, correctly configure security, as well as the need for regular updates.