A new variant of the Mirai botnet has added at least three exploits to its arsenal, which enable it to target additional IoT devices, including routers and DVRs.
The new version of Mirai -- a powerful cyberattack tool which took down large swathes of the internet across the US and Europe in late 2016 -- has been uncovered by researchers at security company Fortinet, who have dubbed it Wicked after lines in the code.
The original version of Mirai was deployed to launch massive distributed denial-of-service (DDoS) attacks, but has also been modified for other means after its source code was published online including to turn unpatched IoT devices into crytocurrency miners and proxy servers for delivering malware.
While the original Mirai uses traditional brute force attacks in an attempt to gain control of IoT devices, Wicked uses known and available exploits in order to do its work. Many of these are old, but the inability of many IoT devices to actually install updates means they haven't been secured against known exploits.
Following a successful compromise, Wicked downloads an additional payload in the form of Owari, another Mirai variant -- although researchers found that the Owari bot samples could no longer be found in the website directory and Wicked was now downloading the Omni bot.
According to Fortinet, this is the latest product by the malicious developer, although Owari had been previously distributed. Researchers have come to the conclusion that four IoT botnets -- Wicked, Sora, Owari and Omni -- are all by the same author.
"This also leads us to the conclusion that while the WICKED bot was originally meant to deliver the Sora botnet, it was later re-purposed to serve the author's succeeding projects," wrote researchers.
IoT devices remain popular targets for cyber attackers -- not only do they often lack the security built into other products, but the very nature of the devices mean they're often installed and forgotten about. In order to avoid falling victim to IoT hacks, users should regularly patch the devices when updates are available.
READ MORE ON CYBER CRIME
- This new type of DDoS attack takes advantage of an old vulnerability
- Hackers behind new botnet also host a GTA: San Andreas server [CNET]
- Your forgotten IoT gadgets will leave a disastrous, toxic legacy
- Here's how much money a business should expect to lose if they're hit with a DDoS attack [TechRepublic]
- IoT security warning: Cyber-attacks on medical devices could put patients at risk