Malwarebytes security researchers find four campaigns spreading a RAT with different lures but the same custom malware.
Palo Alto Networks' Unit 42: a new Mirai variant targets enterprise wireless presentation and display systems, signalling a potential shift by cybercriminals toward using IoT/Linux botnets against enterprises.
A new Mirai variant in the wild is targeting enterprise wireless presentation and display systems. It was discovered by researchers at Palo Alto Networks' Unit 42. Like earlier Mirai variants, the malware targets embedded devices such as routers, network-attached storage, NVRs and IP cameras, using numerous exploits against them. According to the company's blog, this variant adds exploits for WePresent WiPG-1000 wireless presentation systems and LG Supersign TVs, both of which are intended for business use. This development signals a potential shift by cybercriminals toward turning IoT/Linux botnets against enterprises. The variant also adds new exploits to its multi-exploit arsenal, as well as new credentials for brute-forcing devices. Finally, the malicious payload was hosted on a compromised website in Colombia belonging to an "electronic security, integration and alarm monitoring" business.
The researchers: the new IoT/Linux botnet has a larger attack surface, and access to enterprise links gives it more bandwidth and therefore greater firepower for DDoS attacks.
The new exploits and credentials give the botnet a larger attack surface. Targeting enterprise links in particular gives it access to greater bandwidth, and hence more firepower for DDoS attacks. The researchers concluded that IoT/Linux botnets keep expanding their attack surface, either by incorporating multiple exploits against a plethora of devices, by extending the list of default credentials they brute force, or both, and that targeting enterprise vulnerabilities gives them links with potentially far larger bandwidth than consumer devices have. These developments underscore how important it is for enterprises to know which IoT devices are on their network, to change default passwords, and to keep devices fully patched. Devices that cannot be patched should, as a last resort, be removed from the network.
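The credential brute forcing described above, a fixed list of factory defaults tried in quick succession against each device, leaves a recognisable trace in device login logs, and a device that accepts a default pair is exactly the one the recommendations say to repassword or remove. The following Python script is an added example and not code from Unit 42 or from the original post: it parses a constructed sample of login events (the log format, addresses and timestamps are made up for this example) and flags sources that try many distinct user/password pairs against one target within a short window, as well as any successful login that used a known default pair. The default list is a subset of the pairs shipped in the leaked Mirai source; the new credentials this variant adds are not listed in the post and are therefore not included.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of login events, in a simplified format that a device or
# telnet honeypot might emit. These lines are made up for this example and are
# not taken from the Unit 42 report.
SAMPLE_LOG = """\
2019-03-18T10:00:01Z src=203.0.113.7 dst=10.0.0.21 user=root pass=vizxv result=fail
2019-03-18T10:00:02Z src=203.0.113.7 dst=10.0.0.21 user=root pass=admin result=fail
2019-03-18T10:00:03Z src=203.0.113.7 dst=10.0.0.21 user=admin pass=admin result=fail
2019-03-18T10:00:04Z src=203.0.113.7 dst=10.0.0.21 user=root pass=888888 result=fail
2019-03-18T10:00:05Z src=203.0.113.7 dst=10.0.0.21 user=admin pass=1234 result=fail
2019-03-18T10:00:06Z src=203.0.113.7 dst=10.0.0.21 user=root pass=xc3511 result=success
2019-03-18T10:05:00Z src=198.51.100.4 dst=10.0.0.21 user=admin pass=Winter2019 result=fail
2019-03-18T10:05:09Z src=198.51.100.4 dst=10.0.0.21 user=admin pass=Winter2019! result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"user=(?P<user>\S+) pass=(?P<pw>\S+) result=(?P<result>fail|success)$"
)

# Subset of the default credential pairs in the leaked Mirai source code.
# Illustrative only: the new pairs added by the variant discussed above are
# not listed in the post and are not included here.
MIRAI_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "xmhdipc"), ("root", "default"), ("root", "juantech"),
    ("root", "123456"), ("root", "54321"), ("support", "support"), ("admin", "1234"),
    ("admin", "password"), ("root", "root"), ("ubnt", "ubnt"), ("admin", "smcadmin"),
}


def parse_log(text):
    """Parse log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect_credential_spray(events, window=timedelta(seconds=60), threshold=5):
    """Return {src: info} for sources that tried at least `threshold` distinct
    user/password pairs against one target inside any `window`-long span.
    A Mirai-style scanner walks a fixed credential list quickly, so the
    distinguishing feature is many *different* pairs, not merely many failures
    (a user mistyping one password would not trip this)."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["src"], e["dst"])].append(e)
    alerts = {}
    for (src, dst), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        best_pairs = set()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits in `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            pairs = {(e["user"], e["pw"]) for e in evs[start:end + 1]}
            if len(pairs) > len(best_pairs):
                best_pairs = pairs
        if len(best_pairs) >= threshold:
            alerts[src] = {
                "target": dst,
                "distinct_pairs": len(best_pairs),
                "known_mirai_defaults": sorted(best_pairs & MIRAI_DEFAULTS),
                "login_succeeded": any(e["result"] == "success" for e in evs),
            }
    return alerts


def default_credential_logins(events):
    """Successful logins that used a known default pair. Whether or not the
    source was spraying, such a device still runs on factory credentials."""
    return [(e["src"], e["dst"], e["user"], e["pw"]) for e in events
            if e["result"] == "success" and (e["user"], e["pw"]) in MIRAI_DEFAULTS]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for src, info in detect_credential_spray(evs).items():
        print(f"credential spray from {src} against {info['target']}: "
              f"{info['distinct_pairs']} distinct pairs, known Mirai defaults tried: "
              f"{info['known_mirai_defaults']}, login succeeded: {info['login_succeeded']}")
    for src, dst, user, pw in default_credential_logins(evs):
        print(f"default credential accepted on {dst}: {user}/{pw} from {src}")
```

The window and threshold are assumptions chosen for the constructed sample; on real telnet or SSH logs from internet-facing devices, tune them against a baseline, and treat a `default_credential_logins` hit as a device to repassword or pull from the network rather than as an alert to tune away.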