First discovered in 2016, the Mirai botnet took over an unprecedented number of devices and inflicted massive damage on the internet. Now it is back and more dangerous than ever.
The new and improved Mirai infects more devices
On March 18, 2019, security researchers at Palo Alto Networks revealed that Mirai has been tweaked and updated to achieve the same goal on a larger scale. The researchers found that Mirai was using 11 new exploits (bringing the total to 27) and a new list of default administrator credentials to try. Some of the changes target corporate hardware, including LG Supersign TVs and WePresent WiPG-1000 wireless presentation systems.
Mirai can be even more powerful if it can take over corporate hardware and commandeer corporate networks. As Ruchna Nigam, a Senior Threat Researcher with Palo Alto Networks, puts it:
These new features give the botnet a great attack surface. In particular, corporate link guidelines also provide access to greater bandwidth, resulting in greater firepower for the botnet for DDoS attacks.
This variant of Mirai continues to attack consumer routers, cameras and other networked devices. For destructive purposes, the more devices infected, the better. Somewhat ironically, the malicious payload was hosted on a website promoting a company that dealt with "Electronic Security, Integration, and Alarm Monitoring."
Mirai is a botnet that attacks IoT devices
If you don't remember, in 2016 the Mirai botnet seemed to be everywhere. It targeted routers, DVR systems, IP cameras and more. These are often called Internet of Things (IoT) devices and include simple devices such as thermostats that connect to the internet. Botnets work by infecting groups of computers and other internet-connected devices and then forcing the infected machines to attack systems or carry out other tasks in a coordinated manner.
Mirai went after devices with default administrator credentials, either because no one changed them or because the manufacturer hard-coded them. The botnet took over a large number of devices. Although most of the systems were not very powerful, their sheer numbers let them work together to achieve more than one powerful zombie computer could on its own.
Mirai took over 500,000 devices. Using this grouped botnet of IoT devices, Mirai crippled services like Xbox Live and Spotify and sites like BBC and GitHub by targeting DNS providers directly. With so many infected machines, Dyn (a DNS provider) was taken down by a DDoS attack that saw 1.1 terabytes of traffic. A DDoS attack works by flooding a target with a large amount of internet traffic, more than the target can handle. This slows the victim's website or service to a crawl or forces it off the internet altogether.
The original creators of the Mirai botnet software were arrested, pleaded guilty and were given terms of probation. For a while, Mirai was shut down. But enough code survived for other bad actors to take over Mirai and change it to suit their needs. Now there is another variant of Mirai out there.
How to protect yourself from Mirai
Mirai, like other botnets, uses known exploits to attack devices and compromise them. It also tries known default login credentials to get into a device and take it over. So your three best lines of protection are straightforward.
Always update the firmware (and software) of everything you have in your home or workplace that can connect to the internet. Hacking is a cat and mouse game, and when a researcher discovers a new exploit, patches follow to correct the problem. Botnets like this thrive on unpatched devices, and this Mirai variant is no different. The exploits targeting the corporate hardware were identified in September and in 2017.
As soon as possible, change your devices' administrator username and password. For a router, you can do this in the router's web interface or mobile app (if it has one). For other devices that you log in to with their default username or password, see the user manual.
If you can log in with "admin", "password" or a blank field, you need to change this. Be sure to change the default credentials when installing a new device. If you have already configured devices and neglected to change the password, do so now. This new version of Mirai targets new combinations of default usernames and passwords.
If your manufacturer has stopped releasing new firmware updates, or it has hard-coded the administrator credentials and you cannot change them, consider replacing the device.
The best way to check is to start on the manufacturer's website. Find the support page for your device and look for any notices about firmware updates. Check when the last one was released. If it has been many years since a firmware update, the manufacturer no longer supports the device.
You can also find instructions for changing the administrator credentials on the manufacturer's support website. If you cannot find recent firmware updates or a method for changing the device password, it is probably time to replace the device.
Replacing devices may seem drastic, but if they are vulnerable, it is your best option. Botnets like Mirai are not gone. You need to protect your devices. And by protecting your own devices, you protect the rest of the internet.
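The three checks above (firmware, default credentials, replace when neither can be fixed) can be run over a device inventory. This is an added example, not code from the original article; the Device fields, the three-year cut-off and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# The article names "admin", "password" and a blank field; extend this set
# with the defaults printed in your own device manuals (assumption).
DEFAULT_PASSWORDS = {"", "admin", "password"}
# The article says "many years"; three is an arbitrary cut-off (assumption).
STALE_AFTER_YEARS = 3

@dataclass
class Device:
    name: str
    username: str
    password: str
    creds_changeable: bool      # False if the vendor hard-coded the login
    installed_fw: date          # release date of the firmware now running
    latest_fw: Optional[date]   # newest release on the vendor support page

def triage(dev: Device, today: date) -> list:
    """Return the actions the article's three steps imply for one device."""
    newest = dev.latest_fw or dev.installed_fw
    years = (today - newest).days // 365
    pw = dev.password.lower()
    uses_default = pw in DEFAULT_PASSWORDS or pw == dev.username.lower()
    # Replacement wins: no patch or password change can fix these cases.
    if uses_default and not dev.creds_changeable:
        return ["replace: default login is hard-coded"]
    if years >= STALE_AFTER_YEARS:
        return [f"replace: no firmware release in {years} years"]
    actions = []
    if dev.latest_fw and dev.latest_fw > dev.installed_fw:
        actions.append("update firmware")
    if uses_default:
        actions.append("change administrator username and password")
    return actions or ["ok"]

# Constructed sample inventory; none of these entries describe real devices.
TODAY = date(2019, 3, 18)
INVENTORY = [
    Device("router", "admin", "password", True, date(2018, 5, 1), date(2019, 2, 10)),
    Device("dvr", "root", "admin", False, date(2018, 11, 1), date(2018, 11, 1)),
    Device("camera", "owner", "k7!Vq2#xLm", True, date(2014, 6, 1), None),
    Device("tv", "owner", "Zp9$hT4&wq", True, date(2019, 1, 15), date(2019, 1, 15)),
]

def audit(inventory, today):
    return {d.name: triage(d, today) for d in inventory}

if __name__ == "__main__":
    for name, actions in audit(INVENTORY, TODAY).items():
        print(f"{name}: {'; '.join(actions)}")
```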