Palo Alto Networks Inc.'s Unit 42 found new variants of the Gafgyt and Mirai botnets targeting unpatched enterprise devices with an assortment of vulnerabilities, including the Apache Struts bug that was exploited in the Equifax breach. What does this mean for the evolution of Mirai botnet malware? What risks do these botnets pose to enterprises?
Any good malware or botnet is going to have a modular architecture that lets attackers plug in new functionality or replace old functionality to improve the attack. This may require more resources to develop the malware or attack, but it pays off just as following any other standard software development best practice does. One of the most important aspects of this modular approach is that it makes it simpler to take advantage of new vulnerabilities by incorporating new exploits into the tool.
The Gafgyt and Mirai botnets received updates enabling them to exploit vulnerabilities in Apache Struts and in SonicWall's Global Management System, and the new variants Unit 42 found are able to scan for vulnerable systems. The Mirai source code has been updated several times since its initial release to enable attacks on additional types of IoT devices and to perform other types of attacks.
The updated variants identified by Unit 42 can connect back to a central command-and-control server, enabling the attacker to launch a distributed denial-of-service (DDoS) attack, steal data or establish a foothold in an enterprise network. This greatly extends the DDoS functionality originally included in Mirai.
The risk from these updates is not trivial, and future updates will inevitably add new attacks and new vulnerabilities to exploit in botnets that target IoT devices. It is critical to have protections in place for vulnerable IoT devices.
Related Q&A from Nick Lewis