Mirai Gears Up For Enterprise Attacks


Old IoT malware doesn’t die, or fade away - it just keeps evolving. Mirai, the IoT botnet malware that brought the internet to its knees in October 2016, has been updated yet again.

Palo Alto Networks found a new variant of the malware in January. In a March report, it revealed that the new version can target a range of other devices, including LG’s SuperSign range of TVs and the WiPG-100 wireless presentation system, which are both intended for use in businesses or public areas. 

“This development indicates to us a potential shift to using Mirai to target enterprises,” said the research team. They had already seen another variant targeting business networks in September last year, when they reported on a version that exploited a vulnerability in Apache Struts. This was the same vulnerability that enabled attackers to raid Equifax for millions of users’ personal data.

These aren’t the first cases of Mirai gaining new functionality. Another variant called Satori plundered Huawei routers in 2017. The software keeps getting updates in part because it was released as open source code in October 2016, shortly before someone used it to launch a massive DDoS attack against DNS provider Dyn and bring large parts of the commercial Internet grinding to a halt.

Expect the botnet malware to keep evolving as others exploit the code and add their own enhancements. Also expect Mirai or other IoT malware to show up in more businesses. The effect of IoT hacks on business networks is still relatively unpublicized, but every time a vulnerable IoT device joins an office LAN somewhere, it increases that network’s attack surface.

It isn’t just connected business devices that render these networks vulnerable; consumer toys do, too. From smart kettles for the office kitchen to that connected iPhone-controlled flowerpot your office manager just hooked up to the business Wi-Fi network, devices meant for the smart home make the office network a scarier place to be.

Not only can many of these devices be hacked, but they represent a jumping off point for the rest of the network, and can also sometimes leak network information in the clear. A lot of them have poorly-protected built-in web servers, making them toxic from a cybersecurity perspective.

Your IT auditing software can find all your Windows servers, but can it find your smart lighting?

The topic of Cyber Physical/IoT will be covered throughout the free-to-attend conference at Infosecurity Europe in London from 4-6 June. See all the talks on Cyber Physical/IoT here. Infosecurity Europe is the leading European event for information and cyber security; find out more and secure your free visitor badge.
