Devastating Mirai variant is back on the hunt for businesses to infect

Security researchers have found a new variant of the malicious botnet that grounded some of the world's biggest tech companies


A new variant of the crushing Mirai botnet, which specifically places enterprises in its crosshairs, has been discovered by security researchers. 

Mirai first shook the world in 2016 and became known for being the worst DDoS attack in history. 

Three years later, Mirai has returned, according to experts from Unit 42, Palo Alto Networks' security arm. It comes with an enhanced arsenal of features which increase the botnet's attack surface but, most pertinently, it has a revised attack strategy.

Mirai is still a botnet designed to exploit IoT devices, but in its latest iteration it seeks out vulnerable business devices - specifically, wireless presentation systems and the TVs used to present to rooms full of clients, partners and colleagues.

Advertisement - Article continues below

"This new Mirai is a perfect example of why every organisation needs to map their own networks from an external point of view and close off everything that is open and does not need to be," said Jamo Niemela, principal researcher at F-secure. "The types of new devices that Mirai attacks have no business of being visible to the Internet."

The WePresent WiPG-1000 wireless presentation system and the LG Supersign TV were the two devices singled-out by researchers as most vulnerable to the attack.

Advertisement - Article continues below

"This development indicates to us a potential shift to using Mirai to target enterprises," said Ruchna Nigam, senior threat researcher at Unit 42.

"The previous instance where we observed the botnet targeting enterprise vulnerabilities was with the incorporation of exploits against Apache Struts and SonicWall."

The new variant of Mirai includes new exploits in its multi-exploit battery as well as new credentials to use in its brute force attacks. In addition, the malicious payload attached to it was hosted at a compromised business website based in Colombia.

Advertisement - Article continues below

These new features, Nigam notes, gives Mirai a larger attack surface than before. By targeting firms which have business-grade bandwidth on their network, the combination can facilitate far larger-scale DDoS attacks.

"These developments underscore the importance for enterprises to be aware of the IoT devices on their network, change default passwords, ensure that devices are fully up-to-date on patches," Nigam added.

"And in the case of devices that cannot be patched, to remove those devices from the network as a last resort."

Last September, Mirai was discovered by Unit 42 attempting to target enterprise networks. As noted above, the previous variant targeted the same Apache Struts vulnerability that hackers used to carry out the infamous and the Equifax data breach.

Mirai has been attributed to a host of cyber attacks since three American twentysomethings launched it in 2016. The FBI has said that it believed the trio was not involved in the massive Dyn attack of 2016, but Mirai was at least part of the attack that hit the DNS provider and a selection of the biggest tech companies in the world.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now



K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Server & storage

Dell EMC PowerEdge R7525 review: An EPYC core density to make Intel weep

26 May 2020
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020
Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020