Mirai offshoot offers ‘greater firepower’ for DDoS attacks, researchers warn
A new variant of the infamous Mirai botnet is targeting embedded devices like routers and internet-connected cameras with new exploits, security researchers have concluded.
By taking aim at enterprises with large network bandwidths, the Mirai offshoot could give the botnet “greater firepower” to orchestrate distributed denial-of-service attacks, said researchers at Unit 42, Palo Alto Networks’ threat intelligence unit. Operators of the new variant have gone after devices that are popular with businesses, such as wireless presentation systems, according to Unit 42.
“IoT/Linux botnets continue to expand their attack surface, either by the incorporation of multiple exploits targeting a plethora of devices, or by adding to the list of default credentials they brute force, or both,” Ruchna Nigam, senior threat researcher at Unit 42, wrote in a blog post.
Either patch your devices or get them off the network, Nigam advised.
Mirai is a multi-part cautionary tale about the vulnerability of the IoT devices that litter the web. In October 2016, the botnet was used for one of the most powerful DDoS attacks on record when it cut off access to the websites of Twitter, PayPal, and other big tech companies. Since then, several variants have emerged, including one reportedly used to attack banks and government agencies in the Netherlands.
The research published Monday shows that the wellspring of Mirai variants is alive and well. Unit 42 found 11 exploits that are new to the botnet, and a website in Colombia that was continuing to host the variant’s payload as of Monday.