Maksim Kabakou - Fotolia
A Mirai variant known as Okiru was recently discovered and is believed to have the capability to put over 1.5 billion devices at risk of becoming part of a botnet. How does the Okiru malware work and what types of devices are at risk?
It's hard to compare the state of IoT device security with the risk of a large-scale financial market going bad; however, the interconnection and open nature of the internet enables IoT devices and large-scale IoT worms and can have a significant impact on how the internet functions, just like Mirai did.
A new Mirai variant named Okiru was detected by malware security group MalwareMustDie, and it targets IoT devices with Argonaut RISC Core (ARC) processors. The Okiru malware has similar functionality and high-level architecture to Mirai in the sense that it scans for systems with Telnet configured with default passwords.
Okiru malware is different from Mirai and from Mirai variant Satori because it uses its own unique configurations and botnet command-and-control servers, and it uses different exploits to gain control of victim systems.
MalwareMustDie reported that the Okiru malware is the first malicious code to specifically target ARC processors. Since ARC processors share a common software development environment with other IoT devices based on Linux, it's not a big surprise that these devices are being targeted.
While ARC processors are not as common as Intel or ARM, they are still widely used in many devices. ARC processors are used in a wide array of system-on-a-chip devices, such as wearable fitness and medical devices, intelligent appliances, smart energy hubs, and automotive and industrial equipment.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the ... Continue Reading
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.