As a hacker offering DDoS services to the highest bidder, there is one in particular that peaks your interest – bandwidth. The bigger the bandwidth of the devices you operate, the stronger the DDoS attack.
And who usually has higher bandwidth? Organisations and businesses alike. Consequently, a new string of the Mirai botnet has emerged, which targets business IoT devices. We’re talking TVs and projectors that beam ads, but also broadband routers, network-attached storage boxes, IP-enabled cameras, digital video recorders, the usual stuff.
Researchers at Palo Alto Networks’ Unit 42 are saying this string of Mirai is targeting WePresent projectors, D-Link video cameras, LG digital signage TVs, and routers from Netgear, D-Link, and Zyxel. It exploits vulnerabilities that usually come as a result of unpatched firmware.
The sad thing is that most of these firmware vulnerabilities are widely known and patches exist – businesses just didn’t do it.
"In particular, Unit 42 found this new variant targeting WePresent WiPG-1000 Wireless Presentation systems, and in LG Supersign TVs," the researchers said. "Both these devices are intended for use by businesses. This development indicates to us a potential shift to using Mirai to target enterprises."
So, more compromised units means a stronger network. Higher bandwidth means a tougher DDoS attack. The downside to this scenario is that companies are usually faster at spotting compromised devices. Still, it’s a question if even the most secure companies update their TV’s firmware.
"IoT/Linux botnets continue to expand their attack surface, either by the incorporation of multiple exploits targeting a plethora of devices, or by adding to the list of default credentials they brute force, or both," Unit 42's Ruchna Nigam said.
"In addition, targeting enterprise vulnerabilities allows them access to links with potentially larger bandwidth than consumer device links, affording them greater firepower for DDoS attacks."
Image source: Shutterstock/everything possible