Devastating Mirai variant is back on the hunt for businesses to infect

Security researchers have found a new variant of the malicious botnet that grounded some of the world's biggest tech companies

Hacking

A new variant of the crushing Mirai botnet, which specifically places enterprises in its crosshairs, has been discovered by security researchers. 

Mirai first shook the world in 2016 and became known for being the worst DDoS attack in history. 

Three years later, Mirai has returned, according to experts from Unit 42, Palo Alto Networks' security arm. It comes with an enhanced arsenal of features which increase the botnet's attack surface but, most pertinently, it has a revised attack strategy.

Mirai is still a botnet designed to exploit IoT devices, but in its latest iteration it seeks out vulnerable business devices - specifically, wireless presentation systems and the TVs used to present to rooms full of clients, partners and colleagues.

"This new Mirai is a perfect example of why every organisation needs to map their own networks from an external point of view and close off everything that is open and does not need to be," said Jamo Niemela, principal researcher at F-secure. "The types of new devices that Mirai attacks have no business of being visible to the Internet."

The WePresent WiPG-1000 wireless presentation system and the LG Supersign TV were the two devices singled-out by researchers as most vulnerable to the attack.

"This development indicates to us a potential shift to using Mirai to target enterprises," said Ruchna Nigam, senior threat researcher at Unit 42.

"The previous instance where we observed the botnet targeting enterprise vulnerabilities was with the incorporation of exploits against Apache Struts and SonicWall."

The new variant of Mirai includes new exploits in its multi-exploit battery as well as new credentials to use in its brute force attacks. In addition, the malicious payload attached to it was hosted at a compromised business website based in Colombia.

These new features, Nigam notes, gives Mirai a larger attack surface than before. By targeting firms which have business-grade bandwidth on their network, the combination can facilitate far larger-scale DDoS attacks.

"These developments underscore the importance for enterprises to be aware of the IoT devices on their network, change default passwords, ensure that devices are fully up-to-date on patches," Nigam added.

"And in the case of devices that cannot be patched, to remove those devices from the network as a last resort."

Last September, Mirai was discovered by Unit 42 attempting to target enterprise networks. As noted above, the previous variant targeted the same Apache Struts vulnerability that hackers used to carry out the infamous and the Equifax data breach.

Mirai has been attributed to a host of cyber attacks since three American twentysomethings launched it in 2016. The FBI has said that it believed the trio was not involved in the massive Dyn attack of 2016, but Mirai was at least part of the attack that hit the DNS provider and a selection of the biggest tech companies in the world.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Malicious ‘Dependency Confusion’ packages are stealing password files
hacking

Malicious ‘Dependency Confusion’ packages are stealing password files

2 Mar 2021
What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

2 Mar 2021
What is cloud-to-cloud backup?
cloud backup

What is cloud-to-cloud backup?

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021

Most Popular

How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021