New Mirai Botnet Variant Targets IoT TV, Presentation Systems
Researchers found a new Mirai variant in the wild targeting smart signage TV and wireless presentation systems commonly used by businesses. Analysis revealed that the variant uses old and new exploits, and that the cybercriminals behind this botnet have also expanded its built-in list of credentials to brute force into internet of things (IoT) devices and networks using default passwords.
The new malware variant (detected by Trend Micro as Backdoor.Linux.MIRAI.VWIPI and Backdoor.Linux.BASHLITE.AME) was detected in early January of 2019 from a compromised website in Colombia catering to security and alarm integration, widening the possible impact to small and big businesses alike, according to Palo Alto’s report. Out of the 27 exploits that this Mirai variant uses – previously used to target embedded devices such as IP cameras, network storage devices, and routers via Apache Struts – 11 are new to the malware family and specifically target WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs.
Much like prior campaigns, the new botnet variant is capable of scanning for exposed Telnet ports and using default access credentials with infected devices. It is also capable of scanning for specific devices and unpatched systems, and using one of the exploits in its list to attack and infect them. It uses port 3933 to receive commands from the command and control (C&C) server, such as commands to launch HTTP Flood DDoS attacks.
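The two network behaviors described above (Telnet login attempts against devices and traffic on port 3933) can be checked in flow logs. The script below is an added example, not code from Trend Micro or Palo Alto; the log format, subnet, burst threshold and sample records are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed flow records: "epoch src_ip src_port dst_ip dst_port".
# All addresses are documentation/private ranges, not indicators from the article.
SAMPLE_FLOWS = """\
1000 203.0.113.7 40111 192.168.10.21 23
1001 203.0.113.7 40112 192.168.10.21 23
1002 203.0.113.7 40113 192.168.10.21 23
1003 203.0.113.7 40114 192.168.10.21 23
1004 203.0.113.7 40115 192.168.10.21 23
1060 192.168.10.21 51514 198.51.100.9 3933
1100 198.51.100.20 40200 192.168.10.30 23
1200 192.168.10.40 51000 198.51.100.9 3933
1300 192.168.10.50 51001 198.51.100.77 443
"""

TELNET_PORTS = {23}                   # standard Telnet port
C2_PORT = 3933                        # C&C port reported in the article
BURST, WINDOW = 5, 60                 # assumed: 5 attempts within 60 s
LAN = ip_network("192.168.10.0/24")   # assumed IoT device subnet


def analyze(text, lan=LAN):
    """Return {device_ip: set of findings} for devices inside `lan`."""
    telnet = defaultdict(list)        # (device, remote source) -> timestamps
    findings = defaultdict(set)
    for line in text.splitlines():
        try:
            ts, src, sport, dst, dport = line.split()
            ts, sport, dport = int(ts), int(sport), int(dport)
            src_in, dst_in = ip_address(src) in lan, ip_address(dst) in lan
        except ValueError:
            continue                  # skip malformed records
        if dst_in and not src_in and dport in TELNET_PORTS:
            telnet[(dst, src)].append(ts)
        # The article does not say which side opens the 3933 connection,
        # so flag the port on either end of a flow touching a LAN device.
        if C2_PORT in (sport, dport):
            for ip, inside in ((src, src_in), (dst, dst_in)):
                if inside:
                    findings[ip].add("c2_port_traffic")
    for (device, _remote), stamps in telnet.items():
        stamps.sort()
        for i in range(len(stamps) - BURST + 1):
            if stamps[i + BURST - 1] - stamps[i] <= WINDOW:
                findings[device].add("telnet_burst")
                break
    return dict(findings)
```

A device that shows both findings, an external Telnet burst followed by port 3933 traffic, is the one to isolate and inspect first.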
Trend Micro also found the last Mirai variant, Yowai, in January, and cybercriminals are expected to continue using and developing Mirai to exploit the increasing number of IoT devices in the market. Given the larger and more damaging effects of malware that infects business systems, IoT device users are advised to immediately change their default credentials to lock out bad actors using this particular method. Systems should be patched immediately using available updates released by legitimate vendors to remove exploitable vulnerabilities.