For BusinessNewsSecurity

Mirai Botnet Comes with new 11 Exploits to Attack Enterprise Devices

Researchers saw a new variant of the Mirai botnet, which now involves 11 new exploits. Among the goals of the malware, the most noteworthy presenters are WePresent WiPG-1000 and LG Supersign TVs.

For the first time, the activity of this version of Mirai was recorded in January 2019. Up to this point, the botnet attacked routers, surveillance cameras, modems and controllers.

Now the vulnerable presenters of WePresent WiPG-1000 and LG Supersign TVs installed in corporations have been added to this list.

Moreover, the attackers added 11 new exploits to 16 existing ones. Thus, the total number of exploits has reached 27. Previously, the Palo Alto Networks team discovered that the malicious component is stored on a Colombian company server.

According to the statement, this server “provides electronic security systems, integration and monitoring alarms”.

What is Mirai malware?

Mirai is a malware that infected Linux IoT devices or gadgets in August 2016. The attack remained in the type of a botnet that createdan enormous DDOS storm. An example, targets included Italian political websites , Minecraft servers, and Russian auction. The DDoS had secondary results on other very big service providers that used their services such as Sony PlayStation servers, Amazon, GitHub, Netflix, PayPal, Reddit, and Twitter. In total 600,000 IoT devices were infected as part of the botnet cumulative.

The new Mirai variant spotted by Unit 42 also comes with a handful of new features:

1. It makes use of the same encryption scheme as is characteristic of Mirai with a table key of 0xbeafdead.
2. When decrypting strings using this key, we found certain unusual default credentials for brute force that we haven’t come across until now.
3. It uses the domain at port 23823 is for C2 communication.
4. In addition to scanning for other vulnerable devices, the new version can be commanded to send out HTTP Flood DDoS attacks.

“These new features afford the botnet a large attack surface. In particular, targeting enterprise links also grants it access to larger bandwidth, ultimately resulting in greater firepower for the botnet for DDoS attacks,” according to Palo Alto Networks’ Unit 42

VulnerabilityAffected Devices
CVE-2018-17173LG Supersign TV
WePresent WiPG-1000 Command InjectionWePresent WiPG-1000 Wireless Presentation systems
DLink DCS-930L Remote Command ExecutionDLink DCS-930L Network Video Cameras
DLink diagnostic.php Command ExecutionRouters DLink DIR-645, DIR-815
Zyxel P660HN Remote Command ExecutionRouters Zyxel P660HN-T
CVE-2016-1555Netgear WG102, WG103, WN604, WNDAP350, WNDAP360, WNAP320, WNAP210, WNDAP660, WNDAP620
CVE-2017-6077, CVE-2017-6334Netgear DGN2200 N300 Wireless ADSL2+

Denial-of-Service (DoS)

Denial-of-service(Dos) attack is a malicious attempt to make a server or network resources unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet. DoS attack causes the system to crash or unable to respond in time to make the site unavailable to users. The most popular type of DoS attack occurs when a hacker “floods” the system by overloading the system with “useless traffic” so a user is prevented from accessing their e-mail, website, etc.

How does Mirai DoS work?
How does Mirai DoS work?
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button