
Mirai Botnet Comes with new 11 Exploits to Attack Enterprise Devices

Researchers have spotted a new variant of the Mirai botnet that carries 11 new exploits. Among the malware's new targets, the most noteworthy are WePresent WiPG-1000 wireless presentation systems and LG Supersign TVs, devices typically found in business environments rather than homes.

Activity from this version of Mirai was first recorded in January 2019. Until then, the botnet had attacked routers, surveillance cameras, modems and controllers.

Now vulnerable WePresent WiPG-1000 presentation systems and LG Supersign TVs installed in corporate networks have been added to that list.

The attackers added 11 new exploits to the 16 already in use, bringing the total to 27. Palo Alto Networks' Unit 42 team also found that the malicious payload was hosted on a compromised server belonging to a Colombian company.

According to the researchers, that company "provides electronic security systems, integration and monitoring alarms".

What is Mirai malware?

Mirai is malware that has been infecting Linux-based IoT devices since August 2016. The infected devices are assembled into a botnet, which in 2016 generated an enormous wave of DDoS attacks. Targets included Italian political websites, Minecraft servers and a Russian auction site. The DDoS attacks also had knock-on effects on very large services that depended on the targeted providers, among them Sony PlayStation servers, Amazon, GitHub, Netflix, PayPal, Reddit and Twitter. At its peak, roughly 600,000 IoT devices were infected and formed part of the botnet.

The new Mirai variant spotted by Unit 42 also comes with a handful of new features:

1. It makes use of the same encryption scheme that is characteristic of Mirai, with a table key of 0xbeafdead.
2. When decrypting strings with this key, the researchers found some unusual default credentials for brute forcing that had not been seen in earlier variants.
3. It uses the domain epicrustserver.cf on port 23823 for C2 communication.
4. In addition to scanning for other vulnerable devices, the new version can be commanded to launch HTTP flood DDoS attacks.
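Feature 1 is worth a closer look, because the "table key" is not a real cipher. In the leaked Mirai source the 32-bit key is split into four bytes and every byte of a stored string is XORed with each of them in turn, which collapses to a single-byte XOR (0xdeadbeef gives the well-known 0x22; the 0xbeafdead reported here gives 0x62). The following is an added example, not code from the article, from Unit 42 or from the malware: it reimplements that routine and shows how an analyst decodes the string table and recovers the key byte from an entry's trailing NUL. The two obfuscated credential blobs are constructed for this example, not taken from a real sample.

```python
"""Mirai-style string deobfuscation using a 32-bit "table key".

Added example for this article: it is not code from the article, from
Unit 42 or from the malware itself. It follows the obfuscation routine in
the publicly leaked Mirai source (table.c, toggle_obf), which splits the
32-bit table key into four bytes and XORs every byte of a stored string
with each of them in turn. The obfuscated blobs below are constructed for
this example, not extracted from a real sample.
"""

ORIGINAL_MIRAI_TABLE_KEY = 0xDEADBEEF  # key used in the leaked source
NEW_VARIANT_TABLE_KEY = 0xBEAFDEAD     # key Unit 42 reported for this variant


def key_bytes(table_key: int) -> list:
    """Split the 32-bit key into the four bytes the malware XORs with."""
    return [(table_key >> shift) & 0xFF for shift in (0, 8, 16, 24)]


def effective_key(table_key: int) -> int:
    """Four sequential XORs collapse to one XOR with k1 ^ k2 ^ k3 ^ k4.

    This is why the original Mirai key 0xDEADBEEF is better known to
    analysts as the single byte 0x22.
    """
    k = 0
    for b in key_bytes(table_key):
        k ^= b
    return k


def toggle_obf(data: bytes, table_key: int) -> bytes:
    """Mirai's toggle routine: the same operation obfuscates and restores."""
    k = effective_key(table_key)
    return bytes(b ^ k for b in data)


def decode_entry(entry: bytes, table_key: int) -> str:
    """Decode one table entry; stored strings carry their trailing NUL."""
    plain = toggle_obf(entry, table_key)
    return plain.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def recover_effective_key(entry: bytes) -> int:
    """Analyst shortcut: each entry ends in an obfuscated NUL byte, so the
    last byte of any entry is the effective XOR key itself."""
    return entry[-1]


def decode_table(entries, table_key: int) -> list:
    """Decode every entry of a string table with the given 32-bit key."""
    return [decode_entry(e, table_key) for e in entries]


# Constructed sample: two credential strings obfuscated with the new key.
SAMPLE_TABLE = [
    b"\x03\x06\x0f\x0b\x0c\x62",  # "admin\0" XOR 0x62
    b"\x10\x0d\x0d\x16\x62",      # "root\0"  XOR 0x62
]


if __name__ == "__main__":
    for key in (ORIGINAL_MIRAI_TABLE_KEY, NEW_VARIANT_TABLE_KEY):
        print(f"table key 0x{key:08x} -> effective byte 0x{effective_key(key):02x}")
    guessed = recover_effective_key(SAMPLE_TABLE[0])
    print(f"key byte recovered from trailing NUL: 0x{guessed:02x}")
    print(decode_table(SAMPLE_TABLE, NEW_VARIANT_TABLE_KEY))
```

The practical consequence for analysts is that a new table key changes nothing about the difficulty of extracting credentials, C2 domains or attack strings: any entry's last byte reveals the key, and a single XOR over the table recovers everything.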

"These new features afford the botnet a large attack surface. In particular, targeting enterprise links also grants it access to larger bandwidth, ultimately resulting in greater firepower for the botnet for DDoS attacks," according to Palo Alto Networks' Unit 42.

Among the vulnerabilities targeted by the new variant are the following (vulnerability, then affected devices):

CVE-2018-17173: LG Supersign TV
WePresent WiPG-1000 command injection: WePresent WiPG-1000 wireless presentation systems
D-Link DCS-930L remote command execution: D-Link DCS-930L network video cameras
D-Link diagnostic.php command execution: D-Link DIR-645 and DIR-815 routers
Zyxel P660HN remote command execution: Zyxel P660HN-T routers
CVE-2016-1555: Netgear WG102, WG103, WN604, WNDAP350, WNDAP360, WNAP320, WNAP210, WNDAP660, WNDAP620
CVE-2017-6077, CVE-2017-6334: Netgear DGN2200 N300 Wireless ADSL2+

Denial-of-Service (DoS)

A denial-of-service (DoS) attack is a malicious attempt to make a server or network resource unavailable to its users, usually by temporarily interrupting or suspending the services of a host connected to the Internet. The attack either crashes the system or leaves it unable to respond in time, so the site becomes unavailable. The most common form is a flood: the attacker overloads the system with useless traffic so that legitimate users are prevented from reaching their e-mail, website or other service. When that traffic comes from many compromised machines at once, as with a Mirai botnet, it is a distributed denial-of-service (DDoS) attack.
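The HTTP flood this variant can launch is the simplest case of such a flood: many ordinary-looking GET requests per second from each bot. The following is an added example, not code from the article or from Unit 42, and it does not reproduce the botnet's attack tool. It shows the defender's side: a sliding-window request counter over web-server access-log lines that flags any source exceeding a per-window request threshold. The log lines, addresses (RFC 5737 documentation ranges), timestamps and thresholds are all constructed for this example.

```python
"""Rate-based detection of an HTTP flood in web-server access logs.

Added example for this article: it is not code from the article or from
Unit 42, and it does not reproduce the botnet's attack tool. It reads
Common Log Format lines, keeps a sliding window of request timestamps per
source address, and flags sources whose request count in the window
exceeds a threshold. Log lines, IP addresses, thresholds and timestamps
are all constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return (ip, timestamp, request) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), m["req"]


def detect_http_flood(lines, window_seconds: int = 10, max_requests: int = 20) -> dict:
    """Sliding-window request counter per source IP.

    Returns {ip: peak_requests_in_window} for every source that exceeded
    max_requests within any window_seconds span. Lines are assumed to be
    in time order, as a live log tail would be.
    """
    windows = defaultdict(deque)
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ = parsed
        q = windows[ip]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while (ts - q[0]) > timedelta(seconds=window_seconds):
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def build_sample_log() -> list:
    """Constructed log: one bot hammering /index.html at 10 req/s for 6 s,
    plus one ordinary client fetching a page every 6 s."""
    t0 = datetime(2019, 3, 16, 10, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(60):  # flood: 60 requests in 6 seconds
        events.append((t0 + timedelta(milliseconds=100 * i),
                       "198.51.100.23", "GET /index.html HTTP/1.1"))
    for i in range(5):   # normal browsing: 5 requests over 24 seconds
        events.append((t0 + timedelta(seconds=6 * i),
                       "192.0.2.10", f"GET /page{i}.html HTTP/1.1"))
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "{req}" 200 512'
            for ts, ip, req in events]


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for ip, peak in detect_http_flood(SAMPLE_LOG).items():
        print(f"flood suspect {ip}: {peak} requests inside a 10 s window")
```

A per-source threshold like this catches a single noisy bot but not a distributed flood in which each of thousands of devices stays under the limit; for that case the same window logic should also be run on the aggregate request rate and on per-path counts, and the thresholds tuned against the site's normal traffic rather than the numbers assumed here.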

How does Mirai DoS work?

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

