This article details breaking news about three new attacks from the Mirai Botnet. You might also know this botnet as the devastating ransomware WannaCry.
In April 2018, we covered the story of how university students developed what would become the WannaCry ransomware.
But before it attacked millions of devices, WannaCry was the Mirai botnet, a DDoS army that was used by, among others, university students who wanted an edge in Minecraft.
The latest variants enable the botnet to target DVRs, routers, and other devices.
What are the three new attacks, and how can you protect your IoT devices?
Three Different Attacks; One Sole Creator
As we covered before, the Mirai Botnet works as a large distributed denial-of-service (DDoS) attack. It only developed into WannaCry after one of its creators released the code online.
This led to many variations on the original DDoS, brute-force attack method. But four of the Mirai Botnet variants — Sora, Wicked, Omni, and Owari — might all be by the same author.
Cybersecurity researchers at Fortinet came to this conclusion after studying the code. In fact, they think that some of the variants weren’t originally meant to operate autonomously.
“This also leads us to the conclusion that while the Wicked bot was originally meant to deliver the Sora botnet, it was later re-purposed to serve the author’s succeeding projects,” says the Fortinet blog.
Though the code is not that new, researchers keep unpacking new beasties. These latest variants target different devices than previous Mirai Botnet variants.
Affected Devices and a Potential Culprit
Previous botnet attacks targeted many IoT devices because of their notoriously lax security standards.
Given the maelstrom of data privacy concerns now in the public eye, anxiety about hackers is one more thing the average citizen does not need on their mind.
Fortinet outlined some of the specific affected devices in their May 17th, 2018 blog post. The list included Netgear routers and CCTV-DVR remotes as well as already infected web servers.
The bot downloads the malicious payload, but there seems to be some relationship between the three variants. As Fortinet points out, Omni bot samples replaced Owari bot samples in some of the exploits. They did not elaborate on the purpose behind this.
Fortinet believes they spoke to the original author in April, forming this theory from that interview. They offered advice we want to echo: remember to regularly update and patch your IoT devices.