New Mirai Botnet Variant Now Infects Vulnerable IoT Devices Near You
Right after the smartphone and tablet revolution that disrupted the laptop market considerably, the next big thing is the proliferation of IoT (Internet-of-Things) devices. The days when toasters, refrigerators, home lighting and other traditionally non-Internet connected devices becoming Internet-citizens and people started accepting such reality without much resistance.
Unlike the mature PC and the smartphone platforms, IoT technology is still in its infancy. Windows and Android have both evolved with security mechanisms retroactively installed on them (Defender for Windows and Google Play Protect for Android), IoT devices have no such feature. Cybercriminals are feasting with IoT’s irresponsible roll-out, without understanding the inherent risk of deploying them to a home network or corporate networking, knowing that the technology is still very new.
Just recently, Symantec has revealed that Mirai botnet has evolved from a humble beginning of infecting Aboriginal Linux to taking over IoT devices. Mirai is now capable of employing IoT devices to launch Denial of Service Attacks. Dinesh Venkatesan, Symantec’s representative explained: “As it is, the IoT market is hugely fragmented and most of the devices do not receive software patches for the known vulnerabilities. To make things worse, the malware authors continue to evolve these variants, making the malware more powerful and portable across different platforms and architectures.”
Aboriginal Linux is one of the smallest Linux command-line only distributions, the former favorite hive of Mirai botnet malware. The virus authors definitely want to migrate to new hosts of bigger market share compared to the mentioned minor Linux distro.
“Ever since the first reported incident of the Mirai botnet (Linux.Mirai) back in 2016, followed by the malware’s source code being leaked, the number of variants of this family has been growing steadily, their success helped along by an environment of poorly managed IoT devices. As it is, the IoT market is hugely fragmented and most of the devices do not receive software patches for the known vulnerabilities. To make things worse, the malware authors continue to evolve these variants, making the malware more powerful and portable across different platforms and architectures,” said Symantec in their official blog.
Aside from making a major foothold with IoT devices, the virus authors behind Mirai are in the process of further evolving their creation to become compatible with IP cameras, routers and even Android-based devices.
Symantec and other antivirus vendors officially dubbed the infection as Linux.Mirai, in full recognition, that it was first known to only infect Aboriginal Linux. Symantec has published their official tips on how to lessen the chance of IoT devices getting infected by Mirai.
Below are the tips, directly quoted from Symantec:
- Research the capabilities and security features of an IoT device before purchase.
- Perform an audit of IoT devices used on your network.
- Change the default credentials on devices. Use strong and unique passwords for device accounts and Wi-Fi networks.
- Use a strong encryption method when setting up Wi-Fi network access (WPA).
- Disable features and services that are not required.
- Disable Telnet login and use SSH where possible.
- Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary.
- Modify the default privacy and security settings of IoT devices according to your requirements and security policy.
- Disable or protect remote access to IoT devices when not needed.
- Use wired connections instead of wireless, where possible.
- Regularly check the manufacturer’s website for firmware updates.
- Ensure that a hardware outage does not result in an unsecure state of the device.