grandeduc - Fotolia

Is a Mirai botnet variant targeting unpatched enterprises?

New variants of popular botnets were found targeting IoT devices by Palo Alto Networks' Unit 42. Discover how these variants differ from their sources and what new risks they pose.

Palo Alto Networks Inc.'s Unit 42 found new variants of the Gafgyt and Mirai botnets targeting unpatched enterprise devices with an assortment of vulnerabilities, including the Apache Struts bug that was exploited in the Equifax breach. What does this mean for the evolution of Mirai botnet malware? What risks do these botnets pose to enterprises?

Any good malware or botnet is going to have a modular architecture to enable attackers to plug in new functionality or replace old functionality to improve the attack. This may require more resources to develop the malware or attack, but it will pay off just like using any other standard best practices for software development. One of the most important aspects of this modular approach is that it makes it simpler to take advantage of new vulnerabilities by incorporating new exploits into the tool.

The Gafgyt and Mirai botnets received updates enabling them to exploit vulnerabilities in Apache Struts and in SonicWall's Global Management System. Palo Alto Networks' Unit 42 found new variants of the Gafgyt and Mirai botnets that are able to scan for vulnerable systems. The Mirai source code has been updated several times since its initial release to enable attacks on additional types of IoT devices and to perform other types of attacks.

The updates identified by Unit 42 have the ability to connect back to a central command-and-control server, enabling the attacker to launch a distributed denial-of-service (DDoS) attack, steal data or create a foothold into an enterprise network, which greatly extends the DDoS functionality that was originally included in Mirai.

The risk from these updates is not trivial, and future updates will inevitably include new attacks and vulnerabilities to exploit in future botnets that attack IoT devices. It is critical to have protections in place for vulnerable IoT devices.

Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

Dig Deeper on Threats and vulnerabilities

Networking
CIO
Enterprise Desktop
Cloud Computing
ComputerWeekly.com
Close