Devastating Mirai variant is back on the hunt for businesses to infect

Security researchers have found a new variant of the malicious botnet that grounded some of the world's biggest tech companies


A new variant of the crushing Mirai botnet, which specifically places enterprises in its crosshairs, has been discovered by security researchers. 

Mirai first shook the world in 2016 and became known for being the worst DDoS attack in history. 

Three years later, Mirai has returned, according to experts from Unit 42, Palo Alto Networks' security arm. It comes with an enhanced arsenal of features which increase the botnet's attack surface but, most pertinently, it has a revised attack strategy.

Mirai is still a botnet designed to exploit IoT devices, but in its latest iteration it seeks out vulnerable business devices - specifically, wireless presentation systems and the TVs used to present to rooms full of clients, partners and colleagues.

Advertisement - Article continues below
Advertisement - Article continues below

"This new Mirai is a perfect example of why every organisation needs to map their own networks from an external point of view and close off everything that is open and does not need to be," said Jamo Niemela, principal researcher at F-secure. "The types of new devices that Mirai attacks have no business of being visible to the Internet."

The WePresent WiPG-1000 wireless presentation system and the LG Supersign TV were the two devices singled-out by researchers as most vulnerable to the attack.

"This development indicates to us a potential shift to using Mirai to target enterprises," said Ruchna Nigam, senior threat researcher at Unit 42.

"The previous instance where we observed the botnet targeting enterprise vulnerabilities was with the incorporation of exploits against Apache Struts and SonicWall."

The new variant of Mirai includes new exploits in its multi-exploit battery as well as new credentials to use in its brute force attacks. In addition, the malicious payload attached to it was hosted at a compromised business website based in Colombia.

These new features, Nigam notes, gives Mirai a larger attack surface than before. By targeting firms which have business-grade bandwidth on their network, the combination can facilitate far larger-scale DDoS attacks.

Advertisement - Article continues below

"These developments underscore the importance for enterprises to be aware of the IoT devices on their network, change default passwords, ensure that devices are fully up-to-date on patches," Nigam added.

"And in the case of devices that cannot be patched, to remove those devices from the network as a last resort."

Last September, Mirai was discovered by Unit 42 attempting to target enterprise networks. As noted above, the previous variant targeted the same Apache Struts vulnerability that hackers used to carry out the infamous and the Equifax data breach.

Mirai has been attributed to a host of cyber attacks since three American twentysomethings launched it in 2016. The FBI has said that it believed the trio was not involved in the massive Dyn attack of 2016, but Mirai was at least part of the attack that hit the DNS provider and a selection of the biggest tech companies in the world.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020