New Mirai variant hits SD-WANs, wireless presentation systems

Palo Alto Networks Unit 42 recently discovered a new variant of the Mirai malware that includes eight new exploits against a range of embedded devices.

The targeted devices range from wireless presentation systems to set-top boxes, SD-WANs and even smart home controllers, according to a research note written by Ruchna Nigam on June 6.

Mirai has historically been known for aiming at embedded devices such as DVRs and IP cameras to launch DDoS attacks, going back to late 2016 when internet provider Dyn was hit.

Nigam said that since 2018, Mirai malware authors have experimented with new exploits, sometimes trying to gain more bots for use in exploits with larger botnets. Palo Alto found the new exploits on Exploit-DB, which is publicly available.

The new exploits rely on a new encryption key and brute-force attacks.

“This newly discovered variant is a continuation of efforts by Linux malware authors to scout for a wider range and thus, larger number, of IoT devices to form larger botnets thereby affording them greater firepower for DDoS attacks,” Nigam said. “The exploits that are more effective and infect a greater number of devices are retained or reused in future variants.”

Palo Alto customers are protected by WildFire detection software, along with Threat Prevention and PAN-DB to block exploits used by the variant.