Skip to main content

Mirai botnet resurfaces on IoT devices

(Image credit: Image source: Shutterstock/everything possible)

As a hacker offering DDoS services to the highest bidder, there is one in particular that peaks your interest – bandwidth. The bigger the bandwidth of the devices you operate, the stronger the DDoS attack.

And who usually has higher bandwidth? Organisations and businesses alike. Consequently, a new string of the Mirai botnet has emerged, which targets business IoT devices. We’re talking TVs and projectors that beam ads, but also broadband routers, network-attached storage boxes, IP-enabled cameras, digital video recorders, the usual stuff.

Researchers at Palo Alto Networks’ Unit 42 are saying this string of Mirai is targeting WePresent projectors, D-Link video cameras, LG digital signage TVs, and routers from Netgear, D-Link, and Zyxel. It exploits vulnerabilities that usually come as a result of unpatched firmware.

The sad thing is that most of these firmware vulnerabilities are widely known and patches exist – businesses just didn’t do it.

"In particular, Unit 42 found this new variant targeting WePresent WiPG-1000 Wireless Presentation systems, and in LG Supersign TVs," the researchers said. "Both these devices are intended for use by businesses. This development indicates to us a potential shift to using Mirai to target enterprises."

So, more compromised units means a stronger network. Higher bandwidth means a tougher DDoS attack. The downside to this scenario is that companies are usually faster at spotting compromised devices. Still, it’s a question if even the most secure companies update their TV’s firmware.

"IoT/Linux botnets continue to expand their attack surface, either by the incorporation of multiple exploits targeting a plethora of devices, or by adding to the list of default credentials they brute force, or both," Unit 42's Ruchna Nigam said.

"In addition, targeting enterprise vulnerabilities allows them access to links with potentially larger bandwidth than consumer device links, affording them greater firepower for DDoS attacks."

Image source: Shutterstock/everything possible

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.