New Variants of Mirai Botnet Detected, Targeting More IoT Devices (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Mirai, the "botnet" malware that was responsible for a string of massive distributed denial of service (DDoS) attacks in 2016 -- including one against the website of security reporter Brian Krebs -- has gotten a number of recent updates. Now, developers using the widely distributed "open" source code of the original have added a raft of new devices to their potential bot armies by compiling the code for four more microprocessors commonly used in embedded systems.
Researchers at Palo Alto Networks' Unit 42 security research unit have published details of new samples of the Mirai botnet discovered in late February. The new versions of the botnet malware targeted Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze processors. These processors are used on a wide range of embedded systems, including routers, networked sensors, baseband radios for cellular communications and digital signal processors. The new variants also include a modified encryption algorithm for botnet communications and a new version of the original Mirai TCP SYN denial-of-service attack. Based on the signature of the new attack option, Unit 42 researchers were able to trace activity of the variants back as far as November 2018.
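As an added defender-side example (not code from the article, Ars Technica or Unit 42), here is a small Python triage helper that reads the e_machine field of an ELF header, honouring the file's own byte order, and flags samples compiled for the four newly targeted architectures. The e_machine numbers are the standard ELF registry values, the file names and sample headers are constructed for illustration, and the summary above does not describe any such tool.

```python
import struct

# Standard ELF e_machine values (from the ELF registry, not from the article).
EM_NAMES = {
    3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64",
    92: "OpenRISC", 94: "Tensilica Xtensa",
    113: "Altera Nios II", 189: "Xilinx MicroBlaze",
}
# The four architectures the new Mirai builds were compiled for.
NEW_MIRAI_TARGETS = {92, 94, 113, 189}

def elf_machine(data):
    """Return (e_machine, name, EI_DATA) from an ELF header, or None if not ELF."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    ei_data = data[5]  # EI_DATA: 1 = little endian, 2 = big endian
    if ei_data not in (1, 2):
        return None
    # e_machine is a 16-bit field at offset 18, stored in the file's own byte order.
    (machine,) = struct.unpack_from(("<" if ei_data == 1 else ">") + "H", data, 18)
    return machine, EM_NAMES.get(machine, "unknown(%d)" % machine), ei_data

def triage(samples):
    """Return [(filename, arch)] for samples built for a newly targeted CPU."""
    flagged = []
    for name, data in samples.items():
        info = elf_machine(data)
        if info and info[0] in NEW_MIRAI_TARGETS:
            flagged.append((name, info[1]))
    return flagged

def make_header(machine, big_endian=False):
    """Build a minimal 32-bit ELF header (constructed test input, not a real sample)."""
    ident = b"\x7fELF" + bytes([1, 2 if big_endian else 1, 1]) + b"\x00" * 9  # 16-byte e_ident
    fmt = (">" if big_endian else "<") + "HH"  # e_type (2 = EXEC), e_machine
    return ident + struct.pack(fmt, 2, machine) + b"\x00" * 32

# Constructed sample set: two classic Mirai targets, the four new ones, and a non-ELF file.
SAMPLES = {
    "mirai.arm": make_header(40),
    "mirai.mips": make_header(8, big_endian=True),
    "mirai.or1k": make_header(92, big_endian=True),
    "mirai.xtensa": make_header(94),
    "mirai.nios2": make_header(113),
    "mirai.mb": make_header(189, big_endian=True),
    "notes.txt": b"not an ELF file",
}
```

Running `triage` over a directory of quarantined samples gives a quick first cut of which builds target the unusual CPUs before any disassembly is attempted.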
The 'S' in IoT stands for 'Security'.
Yay, more malware. Just what we need.
Just cruising through this digital world at 33 1/3 rpm...
My attorney got arrested. Doesn't matter when it's backdoored.
Get up!
That's a weird set of processors: Nios II and MicroBlaze are either soft-cores or IP blocks on an FPGA; they aren't really used on consumer equipment. And who uses OpenRISC at all? Did they do this just because they can?
Mirai doesn't really target PCs; its main focus is embedded systems, especially routers and (obviously) IoT devices in both consumer and industrial spaces, so I guess the authors are mostly trying to expand their attack space. They've already added a whole bunch of additional vendors and device types since the original version, so I guess this is just the next stage down the long tail of being able to attack as much as possible. My understanding is that the Mirai code is very modular and it is fairly easy to add new exploits, so maybe the effort of doing so was trivial enough that someone just decided to add the extra modules and see how effective they are?
Alternatively, there's definitely a lot of interest from state-sponsored and ransomware-pushing APTs in targeting infrastructure/industry, so maybe that's the motivation for the new processor additions, rather than consumer-space devices? Once you've pwned a device, if you can also brick it at the flip of a software switch, the potential for the next major cyberattack or WannaCry against another entity is definitely something those groups would be interested in, and infrastructure and industry are going to be much higher profile and/or more lucrative than a random consumer.
UNIX? They're not even circumcised! Savages!