New Mirai variant found in the wild

By Dylan Bushell-Embling
Thursday, 21 March, 2019

A new variant of the infamous IoT botnet Mirai has emerged, which appears to be focused on targeting embedded devices used in the enterprise.

The Mirai variant, discovered by Palo Alto Networks’ Unit 42, targets embedded devices including presentation system devices, surveillance systems and network storage devices intended for use by businesses.

As before, the malware payload is designed to incorporate infected devices into a botnet with a large attack surface that can be used to mount large-scale DDoS attacks. Targeting enterprise devices potentially gives attackers even greater bandwidth for use in these attacks.

In addition to newer targeting, the new variant includes new 11 new exploits in its arsenal of 27 exploits, as well as new credentials to use in brute force attack attempts on targeted devices.

Devices targeted by the new exploits include surveillance systems, routers and wireless access points. Affected vendors include LG, DLINK, Netgear, ZTE and Linksys.

This malicious payload was discovered hosted at a compromised website in Colombia belonging to an electronic security, integration and alarm monitoring business.

In response to the discovery, Unit 42 is urging enterprises to be aware of the IoT devices on their network, change default passwords and ensure that devices are fully up to date on patches. Devices that cannot be patched may need to be removed from the network as a last resort.

Image credit: ©stock.adobe.com/au/Glebstock

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.