Since its first appearance in 2016, the Mirai botnet has been a continuing IoT security concern. Security researchers have attributed much of the first-quarter-2021 increase in attacks on IoT devices (55%) and Linux systems (38%) to the malware and its many variants.
Growing Variants
- Since the Mirai authors released the source code, threat actors have built their own IoT botnets from it and launched numerous attacks.
- While numerous threat actors have continually added new features and exploits, the framework and the objective of the campaigns remain the same.
Determining the prominence of Mirai
- During their analysis of IoT botnets, researchers made several notable findings.
- A newly deployed honeypot system received about 200 hits a day, almost 4,700 attacks in only three weeks.
- About 4,000 of these attacks were linked to variants of Mirai.
- The main variants observed in these attacks were Hajime, SYLVEON, PEDO, DNXFCOW, SORA, Cult, BOTNET, OWARI, and Ecchi.
- Separately from the honeypot, researchers discovered MANGA, a Mirai variant that actively updates its exploit vectors.
- Among its exploits are ones targeting vulnerabilities in OptiLink ONT1GEW GPON devices, Cisco HyperFlex, and Tenda routers.
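To make the honeypot triage described above concrete, here is an added Python example; it is not code from the eScan write-up or from the researchers it summarises. It parses constructed honeypot log lines, attributes each hit to a family by the `/bin/busybox <TAG>` probe that the Mirai telnet loader issues (the tag is changed by variant authors, which is why the tags show up as family names), and computes the hits-per-day and Mirai-share figures of the kind quoted above. The log format, the sample lines and the tag-to-family table are assumptions for illustration; a busybox tag is only a weak indicator and real attribution relies on analysing the dropped binaries.

```python
"""Triage of honeypot hits by Mirai-variant family (added example, not the
researchers' tooling). Log format, sample lines and TAG_TO_FAMILY are
assumptions made for this illustration."""
import re
from collections import Counter
from datetime import datetime

# Constructed honeypot lines (not real traffic). Assumed format:
#   <ISO-8601 timestamp> <src-ip> <service> <free-text payload>
SAMPLE_LOG = """\
2021-04-01T00:12:03Z 198.51.100.7 telnet login admin/admin; /bin/busybox SORA
2021-04-01T02:45:10Z 203.0.113.9 telnet login root/xc3511; /bin/busybox OWARI
2021-04-01T05:30:44Z 192.0.2.33 http GET / HTTP/1.1
2021-04-01T11:02:19Z 198.51.100.7 telnet login admin/1234; /bin/busybox ECCHI
2021-04-02T01:17:51Z 203.0.113.45 telnet login root/vizxv; /bin/busybox SORA
2021-04-02T03:40:02Z 192.0.2.8 http POST /login HTTP/1.1
2021-04-02T09:55:27Z 198.51.100.200 telnet login root/root; /bin/busybox MIRAI
2021-04-02T21:08:33Z 203.0.113.9 telnet login admin/admin; /bin/busybox OWARI
"""

# Illustrative mapping of busybox probe tag -> family. Variant authors pick
# the tag freely, so treat this as a hint, not proof of a specific family.
TAG_TO_FAMILY = {"MIRAI": "Mirai", "SORA": "SORA", "OWARI": "OWARI", "ECCHI": "Ecchi"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<svc>\S+)\s+(?P<payload>.*)$")
# The Mirai loader runs "/bin/busybox <TAG>" to check for busybox; the tag
# is echoed back in "<TAG>: applet not found" and leaks into telnet logs.
BUSYBOX_TAG_RE = re.compile(r"/bin/busybox\s+([A-Z0-9_]+)")


def parse_log(text):
    """Parse the assumed log format into a list of dicts; skip malformed lines."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append({"ts": ts, "ip": m["ip"], "service": m["svc"], "payload": m["payload"]})
    return records


def attribute(payload):
    """Return a family name for a payload, 'unknown-mirai-tag' for an
    unrecognised busybox tag, or None when no Mirai-style probe is present."""
    m = BUSYBOX_TAG_RE.search(payload)
    if not m:
        return None
    return TAG_TO_FAMILY.get(m.group(1), "unknown-mirai-tag")


def summarize(records):
    """Compute the volume and attribution figures a honeypot report quotes."""
    days = {r["ts"].date() for r in records}
    families = Counter()
    for r in records:
        fam = attribute(r["payload"])
        if fam:
            families[fam] += 1
    total = len(records)
    mirai_related = sum(families.values())
    return {
        "total": total,
        "days": len(days),
        "hits_per_day": total / len(days) if days else 0.0,
        "mirai_related": mirai_related,
        "mirai_share": mirai_related / total if total else 0.0,
        "families": dict(families),
        "top_sources": Counter(r["ip"] for r in records).most_common(3),
    }


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

On the constructed sample this yields 8 hits over 2 days (4 per day), 6 of them Mirai-related, split across SORA, OWARI, Ecchi and the original Mirai tag; the two plain HTTP probes are left unattributed rather than forced into a family. Repeat-offender source IPs surface in `top_sources`, which is the list you would feed into a blocklist or correlate with a threat feed.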
Additionally
- Researchers report that another Mirai variant, Moobot, has shown a surge in activity.
- A new cyber-underground domain, Cyberium, has surfaced and serves as the anchor for a considerable amount of Mirai-variant activity.
- Researchers noted that Moobot aggressively scans for a remote code execution vulnerability in Tenda routers.
- One of Moobot's distinguishing characteristics is a hard-coded string that is reused several times in its code, for example to build the process name used during execution.
As the number of smart devices continues to grow, IoT will remain a source of infection. The continued evolution of Mirai variants makes this more pressing, in both the volume of attacks and the pace of development. It also underlines the need to improve IoT security standards and for IoT device manufacturers to patch vulnerabilities promptly.
To read more, please check eScan Blog