Mirai, the virulent Internet of Things virus that delivered record-setting denial-of-service attacks in 2016, has been updated to target a new crop of devices, including two found inside enterprise networks, where bandwidth is often plentiful, researchers said on Monday.
The virus infects webcams, routers, DVRs, and other Internet-connected devices, which typically ship with default credentials and run woefully outdated versions of Linux that are rarely, if ever, updated. The rapidly spreading Mirai first made a name for itself in 2016, when it helped achieve record-setting DDoS attacks against KrebsOnSecurity and French web-host OVH.
A newly discovered variant contains a total of 27 exploits, 11 of which are new to Mirai, researchers with security firm Palo Alto Networks reported in a blog post Monday. Besides demonstrating an attempt to reinvigorate Mirai’s place among powerful botnets, the new exploits signal an attempt to penetrate an arena that's largely new to Mirai. One of the 11 new exploits targets the WePresent WiPG-1000 Wireless Presentation systems, and another exploit targets LG Supersign TVs. Both of these devices are intended for use by businesses, which typically have networks that offer larger amounts of bandwidth than Mirai’s more traditional target of home consumers.
“These new features afford the botnet a large attack surface,” Palo Alto Networks researcher Ruchna Nigam wrote in Monday’s post, referring to the 11 new exploits. “In particular, targeting enterprise links also grants it access to larger bandwidth, ultimately resulting in greater firepower for the botnet for DDoS attacks.”
Attack code exploiting a WePresent command-injection vulnerability was published in 2017, while a remote code execution exploit for LG Supersign TVs has been available since last September. Packaging the exploits in a new Mirai variant makes it much easier to actively use them to compromise vulnerable devices.