Mirai variants are evolving with better tactics that focus on infecting multiple platforms, according to a Thursday blog post from Symantec. Mirai is a malware that compromises weak Internet of Things (IoT) devices to use in a large-scale DDoS attacks.
Mirai is best known for its massive cyberattack that swept both the US and Europe in 2016, which caused the largest internet blackout in US history. The malware created a massive botnet from IoT devices and attacked Dyn, a domain system for hundreds of major websites.
Since 2016, Mirai hasn’t been silent. In April, the botnet launched IoT DDoS attacks on the finance industry; and in May, the three new attacks popped up targeting IoT devices.
SEE: Enterprise IoT research: Uses, strategy, and security (Tech Pro Research)
“As it is, the IoT market is hugely fragmented and most of the devices do not receive software patches for the known vulnerabilities,” wrote Symantec employee Dinesh Venkatesan in the blog post. “To make things worse, the malware authors continue to evolve these variants, making the malware more powerful and portable across different platforms and architectures.”
What separates this attack from previous ones is Mirai’s use of the open source project, Aboriginal Linux. Leveraging the open source project made the cross compilation of different architectures and platforms easy and effective, said the blog post. Nothing was wrong with the open source project itself, instead Mirai used legitimate tools to help with the attack, explained the post.
Since the code base was skillfully paired with a cross compilation framework, the malware variants were much more powerful and compatible with more devices, making it able to attack a wider variety of IoT systems, said the post.
Symantec advised taking the following steps to protect your IoT devices from malware and keep your systems safe:
- Research the capabilities and security features of an IoT device before purchase.
- Perform an audit of IoT devices used on your network.
- Change the default credentials on devices. Use strong and unique passwords for device accounts and Wi-Fi networks.
- Use a strong encryption method when setting up Wi-Fi network access (WPA).
Check out this TechRepublic article for more ways to avoid malware on your devices.
The big takeaways for tech leaders:
- Botnets powered by Mirai malware are leveraging open source projects to compromise more IoT devices.
- Mirai is known for its massive cyberattack in 2016 and continues finding new strategies to increase its attack surface, forcing IoT users to stay vigilant and aware.