New Mirai Variant Targets Enterprise Networks

Researchers have uncovered a new version of Mirai, the internet-of-things botnet notorious for taking down a number of major sites in 2016, with features that target enterprise networks.

Palo Alto Networks’ Unit 42 said the new variant surfaced in early January, with the addition of attack capabilities aimed at WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs, both of which are intended for business use.

To date, Mirai has targeted household devices such as routers, network storage devices, IP cameras and network video recorders, with exploits against enterprise software or devices remaining rare.

“This development indicates to us a potential shift to using Mirai to target enterprises,” Unit 42 said in an advisory.

Enterprise shift

The firm noted it had previously seen Mirai incorporating exploits against Apache Struts and SonicWall security appliances, both of which are also used by businesses.

Like other botnets, Mirai gains access to devices in order to use their computing power and bandwidth to launch denial-of-service attacks on other services.

Mirai was, however, the first to become known for relying on internet-of-things connected devices, which helped power a 2016 attack on DNS provider Dyn that took down access to a number of major websites.

The new Mirai variant includes a number of new exploits and new credentials for use in gaining brute-force access to devices, Unit 42 said.

Its malicious payload is hosted at a compromised website for a business in Colombia that, ironically, sells electronic security, integration and alarm monitoring services.

The new features give Mirai a larger attack surface, and focusing on enterprises could give it access to more bandwidth, resulting in more firepower for denial-of-service attacks, Unit 42 said.

“These developments underscore the importance for enterprises to be aware of the IoT devices on their network, change default passwords, ensure that devices are fully up-to-date on patches,” the company said.

New exploits

The new variant uses a total of 27 exploits, 11 of which are new to Mirai, although in some cases they have been previously available on the internet.

It also includes new default device credentials, some of which Unit 42 said hadn’t previously been seen.

The new Mirai can scan for other vulnerable devices, as well as launching HTTP Flood and DDoS attacks, Unit 42 said.

Security researcher Troy Mursch of Bad Packets said earlier this week the firm had seen a steady rise in Mirai activity since early January, around the time that Palo Alto Networks discovered the new variant.

Mursch said on Twitter he had seen the “largest spike of activity… in the last two weeks”, indicating attackers’ renewed interest in the botnet.

In recent months Mirai has been linked to illicit Bitcoin mining and a 54-hour-long attack on a US university.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
