Old IoT malware doesn’t die, or fade away – it just keeps evolving. Mirai, the IoT botnet malware that brought the internet to its knees in October 2016, has been updated yet again.
Palo Alto Networks found a new variant of the malware in January. In a March report, it revealed that the new version can target a range of other devices, including LG’s SuperSign range of TVs and the WiPG-100 wireless presentation system, which are both intended for use in businesses or public areas.
“This development indicates to us a potential shift to using Mirai to target enterprises,” said the research team. They had already seen another variant targeting business networks in September last year, when they reported on a version that exploited a vulnerability in Apache Struts. This was the same vulnerability that enabled attackers to raid Equifax for millions of users’ personal data.
These aren’t the first cases of Mirai gaining new functionality. Another variant called Satori plundered Huawei routers in 2017. The software keeps getting updates in part because it was released as open source code in October 2016, shortly before someone used it to launch a massive DDoS attack against DNS provider Dyn and bring large parts of the commercial Internet grinding to a halt.
Expect the botnet malware to keep evolving as others exploit the code and add their own enhancements. Also expect Mirai or other IoT malware to show up in more businesses. The effect of IoT hacks on business networks is still relatively unpublicized, but every time a vulnerable IoT device joins an office LAN somewhere, it increases that network’s attack surface.
It isn’t just connected business devices that render these networks vulnerable; consumer toys do, too. From smart kettles for the office kitchen to that connected iPhone-controlled flowerpot your office manager just hooked up to the business Wi-Fi network, devices meant for the smart home make the office network a scarier place to be.
Not only can many of these devices be hacked, but they represent a jumping-off point for the rest of the network, and can also sometimes leak network information in the clear. A lot of them have poorly protected built-in web servers, making them toxic from a cybersecurity perspective.