Security researchers have uncovered a new variant of the infamous Mirai.
Although the original on the Internet since 2016.
First emerged in 2016, .
New Mirai Variant Targets Enterprise IoT Devices
Now, Palo Alto Networks Unit 42 researchers have spotted the newest variant of Mirai, which for the first time targets enterprise-focused devices, including WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs.
The Mirai variant adds 11 new exploits to its “multi-exploit battery,” bringing the total to 27 exploits, as well as a new set of “unusual default credentials” to use in brute force attacks against Internet-connected devices.
“These new features afford the botnet a large attack surface,” Unit 42 researchers reported in a blog post published Monday. “In particular, targeting enterprise links also grants it access to larger bandwidth, ultimately resulting in greater firepower for the botnet for DDoS attacks.”
While a remote code execution exploit for LG Supersign TVs (CVE-2018-17173) was made available in September last year, attack code exploiting a command-injection vulnerability in the WePresent WiPG-1000 was published in 2017.
Besides these two exploits, the new Mirai variant is also targeting various embedded hardware like:
- Linksys routers
- ZTE routers
- D-Link routers
- Network Storage Devices
- NVRs and IP cameras
After scanning for and identifying vulnerable devices, the malware fetches the new Mirai payload from a compromised website and downloads it onto the target device, which is then added to the botnet and can eventually be used to launch HTTP Flood DDoS attacks.
Mirai is the infamous botnet that was responsible for some of the record-breaking DDoS attacks, including those against France-based in October 2016, allowing attackers to upgrade the malware threat with newly disclosed exploits according to their needs and targets.
“These [new] developments underscore the importance for enterprises to be aware of the IoT devices on their network, change default passwords, ensure that devices are fully up-to-date on patches,” researchers said.
“And in the case of devices that cannot be patched, to remove those devices from the network as a last resort.”
So the takeaway? Make sure you change the default passwords on your internet-connected devices as soon as you bring them home or into the office, and always keep them fully updated with new security patches.