A new Mirai variant puts enterprise devices at risk
A New Threat To The Enterprise
A newly discovered variant of Mirai IoT malware, made famous in 2016 as it delivered DDoS attacks, has made an aggressive return. The new variant uses a total of 27 exploits, 11 of which are new to Mirai and some of these features can target enterprise networks.
Researchers at Unit 42 with security firm Palo Alto Networks confirmed the news in a blog post that the new variant surfaced in early January. This new variant is notable for targeting different embedded devices like routers, network storage devices, NVRs, and IP cameras and using numerous exploits against them. The malware was focused on WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs, two devices intended for use within business environments.
“This development indicates to us a potential shift to using Mirai to target enterprises,” Unit 42 said in an advisory. Last September, Mirai was discovered by Unit 42 attempting to target enterprise networks. “The previous instance where we observed the botnet targeting enterprise vulnerabilities was with the incorporation of exploits against Apache Struts and SonicWall.” The previous variant targeted the same Apache Struts vulnerability that hackers used to carry out the infamous Equifax data breach.
IoT botnets will always continue to expand their attack area, this can be through using multiple exploits targeting multiple devices, or by adding to the list of default credentials the use with brute force. The new features afford the botnet a larger attack surface, and focusing on enterprises could give it access to more bandwidth, resulting in more firepower for DDoS attacks. Also, the new Mirai can scan for other vulnerable devices, as well as launching HTTP Flood and DDoS attacks, Unit 42 said.
“These developments underscore the importance for enterprises to be aware of the IoT devices on their network, change default passwords, ensure that devices are fully up-to-date on patches,” the company said.