Maksim Kabakou - Fotolia
A Mirai variant known as Okiru was recently discovered and is believed to have the capability to put over 1.5 billion devices at risk of becoming part of a botnet. How does the Okiru malware work and what types of devices are at risk?
It's hard to compare the state of IoT device security with the risk of a large-scale financial market going bad; however, the interconnection and open nature of the internet enables IoT devices and large-scale IoT worms and can have a significant impact on how the internet functions, just like Mirai did.
A new Mirai variant named Okiru was detected by malware security group MalwareMustDie, and it targets IoT devices with Argonaut RISC Core (ARC) processors. The Okiru malware has similar functionality and high-level architecture to Mirai in the sense that it scans for systems with Telnet configured with default passwords.
Okiru malware is different from Mirai and from Mirai variant Satori because it uses its own unique configurations and botnet command-and-control servers, and it uses different exploits to gain control of victim systems.
MalwareMustDie reported that the Okiru malware is the first malicious code to specifically target ARC processors. Since ARC processors share a common software development environment with other IoT devices based on Linux, it's not a big surprise that these devices are being targeted.
While ARC processors are not as common as Intel or ARM, they are still widely used in many devices. ARC processors are used in a wide array of system-on-a-chip devices, such as wearable fitness and medical devices, intelligent appliances, smart energy hubs, and automotive and industrial equipment.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
Security researchers demonstrated how a new fileless attack technique can bypass a Windows kernel protection feature at Black Hat 2018. Find out how ... Continue Reading
Researchers from Check Point announced a new attack at Black Hat 2018 that targets Android devices. Discover how this attack works and how devices ... Continue Reading
Sophos researchers believe the SamSam ransomware campaign could be the work of one or a few threat actors using manual techniques. Learn how it works... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.