Maksim Kabakou - Fotolia
A Mirai variant known as Okiru was recently discovered and is believed to have the capability to put over 1.5 billion devices at risk of becoming part of a botnet. How does the Okiru malware work and what types of devices are at risk?
It's hard to compare the state of IoT device security with the risk of a large-scale financial market going bad; however, the interconnection and open nature of the internet enables IoT devices and large-scale IoT worms and can have a significant impact on how the internet functions, just like Mirai did.
A new Mirai variant named Okiru was detected by malware security group MalwareMustDie, and it targets IoT devices with Argonaut RISC Core (ARC) processors. The Okiru malware has similar functionality and high-level architecture to Mirai in the sense that it scans for systems with Telnet configured with default passwords.
Okiru malware is different from Mirai and from Mirai variant Satori because it uses its own unique configurations and botnet command-and-control servers, and it uses different exploits to gain control of victim systems.
MalwareMustDie reported that the Okiru malware is the first malicious code to specifically target ARC processors. Since ARC processors share a common software development environment with other IoT devices based on Linux, it's not a big surprise that these devices are being targeted.
While ARC processors are not as common as Intel or ARM, they are still widely used in many devices. ARC processors are used in a wide array of system-on-a-chip devices, such as wearable fitness and medical devices, intelligent appliances, smart energy hubs, and automotive and industrial equipment.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading
Cloud security providers need to play catch-up with the evolving advancements in cloud technology. Find out what the top CSPs offer today and which ... Continue Reading
Cloud security certifications serve to bolster security professionals' resumes and boost value to employers. Learn about the top certifications ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.