Mirai malware, which can infect and grant even unsophisticated actors control over hundreds of thousands of IoT devices, is responsible for some of the most devastating distributed denial-of-service (DDoS) attacks ever seen.
Just a few years ago, millions of people on the U.S. East Coast were basically left without internet access after a successful attack on Dyn’s DNS services. To illustrate how stupid-powerful the malware is, a lone script-kiddie whose only aim appeared to be crashing Minecraft servers was eventually blamed for the blackout.
The internet really hadn’t seen anything like it. One attack was recorded at 1.1 terabits per second — roughly 50 times more powerful than what “major” DDoS attacks were dishing out at the time. Three 20-somethings, all of whom were barely old enough to drink, pleaded guilty last year to developing Mirai and other botnets. After becoming narcs, each is only serving five-years probation.
On Monday, Unit 42, the global threat intelligence team at Palo Alto Networks, disclosed new research into a Mirai variant that’s picked up some new tricks. This variant includes 11 new exploits (bringing the total to 27) and targets, among other new devices, the LG Supersign TV and WePresent WiPG-1000 Wireless Presentation systems.
“Both these devices are intended for use by businesses,” Unit 42 said, noting the development indicates “a potential shift to using Mirai to target enterprises.”
The report continues:
In addition to this newer targeting, this new variant of Mirai includes new exploits in its multi-exploit battery, as well as new credentials to use in brute force against devices.
Finally, the malicious payload was hosted at a compromised website in Colombia: an “Electronic security, integration and alarm monitoring” business.
Targeting enterprise systems, Unit 42 noted, would seemingly grant the attacker access to larger bandwidth, increasing its firepower.
“IoT/Linux botnets continue to expand their attack surface, either by the incorporation of multiple exploits targeting a plethora of devices, or by adding to the list of default credentials they brute force, or both,” it said.
Manufacturers and consumers alike need to remain vigilant to prevent the ever-growing number of IoT devices in households from being conscripted into botnets by angry gamers/future FBI informants with far too much time on their hands.
Please remember to always ensure that your TVs, refrigerators, and internet-connected dildos are fully up-to-date on patches and always… always, always change the default passwords. Thank you.