Researchers have discovered a new clone of the well-known Mirai botnet, which focuses on IoT devices. This time, embedded devices used in business environments are at risk. The attackers' ultimate goal is to control devices with access to bandwidth and conduct large-scale DDoS attacks.

Remark:
At the time of writing the translation, I did not know that there was already a similar article on Habr.
The authors of the original Mirai have already been arrested, but the availability of the source code, published in 2016, allows new attackers to create their own botnets based on it. Examples include Satori and Okiru.
The original Mirai appeared in 2016. It infected routers, IP cameras, DVRs and other devices, which often have a default password, as well as devices running outdated versions of Linux.
The new version of Mirai is designed for corporate devices. The new botnet was discovered by the Unit 42 research team at Palo Alto Networks. It differs from other clones in that it targets corporate devices, including WePresent WiPG-1000 wireless presentation systems and LG Supersign TVs.
A remote code execution exploit for LG Supersign TVs (CVE-2018-17173) was made available last September, and one for the WePresent WiPG-1000 was published in 2017. In total, the bot has 27 exploits, 11 of which are new. The set of “unusual default credentials” for dictionary attacks has also been expanded. The new version of Mirai also targets a variety of embedded hardware, such as:
- Linksys routers
- ZTE routers
- D-Link routers
- Network storage devices
- NVR and IP cameras
“These new features give the botnet a large surface to attack,” said Unit 42 researchers on their blog. “In particular, the reference to corporate communication channels allows it to seize more bandwidth, which ultimately leads to an increase in the firepower of a botnet for DDoS attacks.”
This incident underscores the need for enterprises to monitor the IoT devices on their networks, set up security intelligently, and apply updates regularly.