New Strain of Mirai Malware Targets Enterprise IoT

If you were keeping tabs on IoT news back in 2016, you know about the Mirai botnet that attacked devices around the world. It was a devastating attack that taught the world how dangerous IoT-based malware can be.

Mirai was eventually released as open source on the Internet. This allowed any budding hacker to download the code and create their own variants of the malware. Before long, the Internet was swarmed with different variants of the Mirai botnet as people tried to make their mark.

As such, the appearance of Mirai variants isn’t news by themselves. We’ve seen a lot of different takes on the base Mirai malware in the past. What makes the most recent strain of Mirai malware worrying is what it’s targeting.

The New Targets

Mirai-Enterprise-Office

Mirai botnets in the past typically took aim at as many devices as possible. This is mainly because of its nature as a botnet. Botnets want as many devices in its network as possible, as raw numbers are what makes a botnet powerful.

The latest revision to Mirai, however, shows a clear focus on enterprise IoT. This means that Mirai developers are beginning to move away from infecting the general public and is now targeting businesses.

What’s Getting Hit

Mirai-Enterprise-Router

The full list of devices that have been added to Mirai’s potential targets are, as stated by Kaspersky:

  • ePresent WiPG-1000 wireless presentation systems
  • LG Supersign TVs
  • DLink DCS-930L network video cameras
  • DLink DIR-645, DIR-815 routers
  • Zyxel P660HN-T routers
  • Netgear WG102, WG103, WN604, WNDAP350, WNDAP360, WNAP320, WNAP210, WNDAP660, WNDAP620 devices
  • Netgear DGN2200 N300 Wireless ADSL2+ modem routers
  • Netgear Prosafe WC9500, WC7600, WC7520 wireless controllers

This is a big move, as we’ve seen hackers shift toward hitting big business in other areas, too. Ransomware has been found more in businesses than on people’s personal PCs, and it’s all due to the money hackers can gain from targeting affluent victims.

How to Stay Safe

Mirai-Enterprise-Security

The best way to avoid an attack by this new strain of malware is to properly set up your IoT devices before using them. Mirai works by scanning networks for open ports that use the default username and password, so simply changing the login credentials can help defend against Mirai.

With Mirai’s prolific nature, businesses are also deploying patches to protect their devices from the botnet. As such, make sure you keep your devices up to date with their firmware to stop them from being conscripted into the Mirai swarm.

If a device is acting oddly or slow, try giving it a reboot. If it does have malware in it, doing this should flush it out and free up the device once again. It’s important to note, however, that this doesn’t make it “immune” to further infections. If Mirai targets it once again, it’ll just get infected once more!

Even More Mirai

Mirai made the headlines back in 2016 when it entered the scene. It quickly began conscripting IoT devices into its botnet, before being released as open source. While this naturally spawned variants on Mirai, this latest development targeting enterprise IoT is a worrying shift toward disrupting businesses.

Do you think IoT is safe enough for businesses to use? Or should companies with sensitive information stick to more physical, traditional methods for now? Let us know below.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.