A new variant of Mirai malware is targeting a recently uncovered critical vulnerability in network-attached storage devices and exploiting them to rope the machines into an Internet of Things botnet.
Dubbed Mukashi, the malware uses brute force attacks using different combinations of default credentials in an effort to log into Zyxel network-attached storage products, take control of them and add them to a network of devices that can be used to conduct Distributed Denial of Service (DDoS) attacks.
Mukashi takes advantage of a vulnerability (CVE-2020-9054) in Zyxel NAS devices running firmware version 5.21 that allows remote attackers to execute code – and according to researchers at Palo Alto Networks, cyber criminals are actively attempting to exploit the attack in the wild.
The malware has been scanning TCP ports for potential targets since at least March 12, launching brute force attacks in an effort to bypass common username and password combinations as it goes. Once the login has been bypassed, Mukashi connects with a command and control server that can issue orders to conduct DDoS attacks.
While there are some differences in the Mukashi code, it's capabilities are almost exactly the same as Mirai – that means it has the potential to conduct large scale DDoS attacks against selected targets.
The Mirai botnet infamously took down large sections of the internet in late 2016, cutting off or slowing down large numbers of popular online services for millions of users. The source code was released online, providing anyone who wants to build a malicious botnet with the tools to do so – and cyber criminals have actively taken advantage of this.
Zyxel patched the vulnerability affecting Network Attached Storage and firewall products last month and it's recommended that all Zyxel users download the firmware update in order to protect devices from Mukashi attacks.
Researchers also recommend that users apply complex passwords to devices to help prevent brute force attacks taking advantage of common or weak passwords to help control of products and accounts.
MORE ON CYBERSECURITY
- This new ransomware is targeting network attached storage devices
- Three plead guilty to creating Mirai botnet used to crash web CNET
- How poor IoT security is allowing this 12-year-old malware to make a comeback
- How to avoid botnet attacks and other cyberthreats: 4 tips TechRepublic
- This aggressive IoT malware is forcing Wi-Fi routers to join its botnet army