Mirai offshoot offers ‘greater firepower’ for DDoS attacks, researchers warn

Operators of the new variant have gone after devices that are popular with businesses, such as wireless presentation systems, according to Unit 42.

A new variant of the infamous Mirai botnet is targeting embedded devices like routers and internet-connected cameras with new exploits, security researchers have concluded.

By taking aim at enterprises with large network bandwidths, the Mirai offshoot could give the botnet “greater firepower” to orchestrate distributed denial-of-service attacks, said researchers at Unit 42, Palo Alto Networks’ threat intelligence unit. Operators of the new variant have gone after devices that are popular with businesses, such as wireless presentation systems, according to Unit 42.

“IoT/Linux botnets continue to expand their attack surface, either by the incorporation of multiple exploits targeting a plethora of devices, or by adding to the list of default credentials they brute force, or both,” Ruchna Nigam, senior threat researcher at Unit 42, wrote in a blog post.

Either patch your devices or get them off the network, Nigam advised.

Mirai is a multi-part cautionary tale in the vulnerability of the IoT devices that litter the web. In October 2016, the botnet was used for one of the most powerful DDoS attacks on record when it cut off access to the websites of Twitter, PayPal, and other big tech companies. Since then, several variants have emerged, including one reportedly used to attack banks and government agencies in the Netherlands.

The research published Monday shows that the wellspring of Mirai variants is alive and well. Unit 42 found 11 exploits that are new to the botnet, and a website in Colombia that was continuing to host the variant’s payload as of Monday.

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
