Mirai variant picks up new tricks, expands list of targeted devices
Mirai, the infamous malware that turns Linux-based IoT devices into remotely controlled bots, has been updated to target new devices and device types.
Among these are LG SuperSign TVs (TV solutions meant to be installed in public areas and display information, images, video aimed at customers and employees) and WePresent WiPG-1000 Wireless Presentation systems, both of which are intended for use in business settings.
About this newest Mirai variant
Since it’s initial and spectacular entry on the world stage in late 2016, Mirai has been copied and developed and has gained increased effectiveness.
This latest variant, spotted by Palo Alto Networks researchers, uses 27 exploits, 11 of which are new to it, and wields four new sets of default login credentials to brute-force devices with.
The newer exploits are for targeting the aforementioned LG and WePresent devices, DLink network video cameras and routers, Zyxel routers, and assorted Netgear devices, routers and wireless controllers.
The LG and WePresent exploits have been public for a while, but have only recently been added to Mirai’s arsenal.
“These new features afford the botnet a large attack surface. In particular, targeting enterprise links also grants it access to larger bandwidth, ultimately resulting in greater firepower for the botnet for DDoS attacks,” the researchers pointed out.
They also shared that, in addition to scanning for other vulnerable devices, the new Mirai version can be commanded to send out HTTP Flood DDoS attacks.
The problem with IoT
IoT malware continues to be a nuisance because:
- Most manufacturers still don’t insist on users changing the default device password before being able to use it, are slow to push out fixes for known flaws and don’t provide an automatic security updating option.
- Most users still don’t know much about managing their IoT devices, don’t change default access credentials (although advised to), and don’t update their devices regularly.
In the meantime, users are advised to do what they can to protect themselves and others. Unfortunately, they are often not knowledgeable enough to so or to spot/identify infected devices, as they mostly continue to function normally.