A new version of Mirai (a self-propagating botnet that targets IoT devices and was responsible for a massive DDoS attack on Dyn’s servers back in 2016). According to the analysts, this botnet is equipped with a much wider range of exploits, which makes it even more dangerous and allows it to spread faster
The full list of devices that have been added to Mirai’s potential targets are, as stated by Kaspersky:
- ePresent WiPG-1000 wireless presentation systems
- LG Supersign TVs
- DLink DCS-930L network video cameras
- DLink DIR-645, DIR-815 routers
- Zyxel P660HN-T routers
- Netgear WG102, WG103, WN604, WNDAP350, WNDAP360, WNAP320, WNAP210, WNDAP660, WNDAP620 devices
- Netgear DGN2200 N300 Wireless ADSL2+ modem routers
- Netgear Prosafe WC9500, WC7600, WC7520 wireless controllers
The latest revision to Mirai, however, shows a clear focus on enterprise IoT. This means that Mirai developers are beginning to move away from infecting the general public and is now targeting businesses.
How to protect your devices
- Install patches and firmware updates on all devices and systems as soon as they are issued;
- Monitor the volume of traffic coming from each device, because infected devices will have significantly higher traffic;
- Always change preinstalled passwords and enforce an effective password policy for employees; and
- Reboot a device if you think it is acting strangely, but bear in mind that although doing so may get rid of existing malware, it won’t on its own reduce the risk of further infection.