A new variant of the infamous Mirai botnet has been discovered, this time targeting embedded devices intended for use within business environments to carry out devastating DDoS attacks.
Although the original creators of the Mirai botnet have already been arrested and jailed, variants of the infamous IoT malware, including Satori and Okiru, keep emerging because its source code has been available on the Internet since 2016.
Mirai Variant Targets Enterprise IoT Devices
Palo Alto Networks Unit 42 researchers have spotted the newest variant of Mirai, which for the first time targets enterprise-focused devices, including WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs.
The Mirai variant adds 11 new exploits to its “multi-exploit battery,” making it a total of 27 exploits, as well as a new set of “unusual default credentials” to use in brute force attacks against Internet-connected devices.
“These new features afford the botnet a large attack surface,” Unit 42 researchers reported in a blog post published Monday. “In particular, targeting enterprise links also grants it access to larger bandwidth, ultimately resulting in greater firepower for the botnet for DDoS attacks.”
Besides these two exploits, the new Mirai variant is also targeting various embedded hardware like:
- Linksys routers
- ZTE routers
- D-Link routers
- Network Storage Devices
- NVRs and IP cameras
After scanning for and identifying vulnerable devices, the malware fetches the new Mirai payload from a compromised website and downloads it onto the target device, which is then added to the botnet and can eventually be used to launch HTTP Flood DDoS attacks.