New Mirai Botnet Variant Expands the IoT Targeting Even Further

  • A fresh Mirai variant adds nine more exploits to its arsenal of targeted vulnerabilities.
  • The authors of Mirai incorporated some of the flaws mere hours after the details were published.
  • Updating your IoT devices is your best bet, as fixes are out for every exploit in the bot.

Mirai’s persistence continues in 2021: the botnet that has been plaguing IoT devices around the globe since 2016 has received yet another target-expanding update. We have seen this happen again and again, with new Mirai variants adding exploits for routers, presentation devices, smart TVs, and video recorders.

This time, we have a general expansion into the networking equipment space. According to the Unit 42 researchers who discovered the new sample last month, the new Mirai variant has added the following exploits:

  • VisualDoor (a SonicWall SSL-VPN exploit).
  • CVE-2020-25506 (a D-Link DNS-320 firewall exploit).
  • CVE-2020-26919 (a Netgear ProSAFE Plus exploit).
  • Possibly CVE-2019-19356 (a Netis WF2419 wireless router exploit).
  • Three other IoT vulnerabilities yet to be identified.

In some cases, the actors incorporated the exploits mere hours after the associated vulnerabilities had been published, which shows how ready the authors are to weaponize new disclosures. The actors clearly focus on critical or at least high-severity flaws that allow remote code execution, so Mirai remains a very dangerous botnet.

Source: Unit42

On the C2 infrastructure side, Unit 42 researchers noticed that the actors were changing URLs every week, and each time, the distribution lasted for three days or less. As for the binaries that are fetched from these URLs, these are the following:

Source: Unit42

To protect your IoT devices, and by extension yourself, against Mirai, apply all available firmware updates, change the default credentials to something strong and unique, put the devices on a separate network isolated from your most critical machines, and finally, take them offline when you’re not using them.

A patch is already available for every vulnerability that Mirai is exploiting right now, so updating your devices should do the trick. To date, we have seen no Mirai variants incorporating zero-days, which would make the situation very different. In any case, the speed at which Mirai’s authors move underlines the need to patch as quickly as possible every time a new update is out.
