New Mirai variant infects projectors, IP cameras, and LG Supersign TVs

New Mirai variant infects projectors, IP cameras, and LG Supersign TVs

New Mirai variant infects projectors, IP cameras, and LG Supersign TVs

Security researchers have discovered a new variant of the feared Mirai botnet that not only infects a range of routers, but also IP cameras, network storage devices, NVRs, WePresent WiPG-1000 Wireless Presentation systems, and LG Supersign TVs.

This new variant was discovered first in January this year and features as many as eleven new exploits as well as new credentials to use in brute force attacks on IoT devices. The new exploits enable cyber criminals to target a range of IoT devices used by enterprises and then leverage hijacked devices to target the enterprises themselves.

“These new features afford the botnet a large attack surface. In particular, targeting enterprise links also grants it access to larger bandwidth, ultimately resulting in greater firepower for the botnet for DDoS attacks.

These developments underscore the importance for enterprises to be aware of the IoT devices on their network, change default passwords, ensure that devices are fully up-to-date on patches. And in the case of devices that cannot be patched, to remove those devices from the network as a last resort,” said researchers at Palo Alto’s Unit 42.

How powerful the new Mirai variant is can be gauged by the fact that including the eleven new exploits, it features a total of 27 exploits which can enable it to infect a wide range of IoT devices and other connected equipment used by organisations. It uses the domain epicrustserver[.]cf at port 3933 for C2 communication and can be commanded to send out HTTP Flood DDoS attacks.

Flaws in enterprise IoT devices can be easily addressed

“This evolution of IoT based botnets targeting the enterprise makes sense. Enterprises are rapidly adopting IoT technologies, such as the WePresent system and the LG Supersign TV, and vulnerable IoT devices within enterprise networks increases attacker motivation due to more lucrative financial returns via extortion, intellectual property theft and such,” said Lane Thames, senior security researcher at Tripwire.

He added that the what worries him most is that the organisations in the digital industry still have a long way to go in terms of maturing their secure development practices. The vulnerabilities that allow the new Mirai variant to affect WePresent and the Supersign TV are a classic case of a web application not sanitizing user input (input that a user/attacker can control when interacting with the web application) and can be easily addressed with modern development frameworks.

“Organisations developing web-based products should have mechanisms in place to catch such low hanging “fruit” as this during their development and QA processes. Don’t get me wrong, developing secure software is hard, and there is no such thing as perfect security. But, we should have graduated beyond this level of trivialness by now.

“Unfortunately, cyber defenders are fighting an uphill battle, and scale is one of our biggest challenges. Countless systems are being developed and rushed to market and this is coupled with a growing talent pool of developers and engineers that have not been trained in any way around cybersecurity along with businesses that don’t understand the need for secure product development. Mirai and likely many other types of IoT based botnets are here to stay for a very long time,” he added.


Hackers using Mirai framework in new botnet exploits

Torii botnet more advanced than any other Mirai-based malware

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]