Mirai, the highly disruptive malware strain that got its name from a 2011 Japanese TV show, is back on the beat and even “better” than before. Programmers have modified the original botnet beast, and it’s now screeching its way through enterprise-level Internet of things (IoT) devices.
The original Mirai crash landed in 2016. A sophisticated piece of malware programming, it snatched control of networked devices and assimilated them into a ferocious botnet. Even low-level programmers were able to access thousands of gadgets and computers and to orchestrate distributed denial of service attacks. ADSL modems, routers and network cameras proved most vulnerable to the well-engineered strain.
Mirai: A DDoD powerhouse
Ultimately, Mirai played a central role in several infamous distributed denial of service raids against multiple high-profile targets including the French hosting company OVH.com, the website of venerated online security reporter Brian Krebs and DNS server provider Dyn, which crippled popular sites like Reddit, GitHub, Airbnb and Netflix for a period. Rutgers University and the African country of Liberia also suffered under the malware’s grip.
And for months, Mirai’s author remained anonymous. Eventually, the malware entered the halls of hacker infamy. James Ferraro, an electronic composer and musician, even name-checked the notorious Trojan on his 2018 album “Four Pieces for Mirai.”
However, in 2017, Krebs revealed his suspicion that a programmer going by the alias Anna-senpai — government name: Paras Jha — penned Mirai. A student at Rutgers with a dorm-room business, Jha initially denied the charges. Then the FBI got involved, and on December 13, 2017, Jha and two other people pled guilty to criminal errands related to the Mirai botnet attacks. Ultimately, a judge sentenced Jha to six months behind bars and slapped him with an $8.6 million fine.
Mirai is back and more dangerous
Before Jha and his co-conspirators reported to authorities for incarceration, Mirai’s source code found its way online, and likeminded programmers took up the mantle. The result: new Mirai strains that can weasel their way into enterprise IoT devices and make use of all that business bandwidth, which could, theoretically, result in an attack of historic proportions.
In the fall of 2018, researcher Matthew Bing explained in a blog post:
"Like many IoT devices, unpatched Linux servers linger on the network and are being abused at scale by attackers sending exploits to every vulnerable server they can find. [We have] been monitoring exploit attempts for the Hadoop YARN vulnerability in our honeypot network and found a familiar, but surprising payload - Mirai."
Vulnerable devices
According to Kaspersky Labs, second-generation Mirai strains represent about 21 percent of all IoT device pollutants. Additionally, the latest versions are even more flexible than the original and can exploit a wider range of targets, including enterprise-class controllers, wireless presentation systems, and digital signage. Analysts warn that the following devices are particularly vulnerable:
- DLink DCS-930L network video cameras;
- DLink DCS-930L network video cameras;
- Netgear WG102, WG103, WN604, WNDAP350, WNDAP360, WNAP320, WNAP210, WNDAP660, WNDAP620 devices;
- Netgear DGN2200 N300 Wireless ADSL2+ modem routers;
- Netgear Prosafe WC9500, WC7600, WC7520 wireless controllers;
- ePresent WiPG-1000 wireless presentation systems;
- LG Supersign TVs;
- DLink DIR-645, DIR-815 routers; and
- Zyxel P660HN-T routers.
Many security experts strongly suspect that Industrial IoT devices may now also be vulnerable.
Guarding Against a Mirai Infection
Now that you know what Mirai is, you’re probably wondering: What measures should be taken to prevent infection?
Researchers and engineers, including the team at one of the best vpn services of 2019, unanimously agree that IT divisions should:
- Take inventory of all IoT devices connected to their networks
- Change default passwords across the board
- Ensure that every device connected to the Internet is up-to-date on patches
- Create a preventative strategy that includes firewalls, vpn, and anti-virus and anti-malware software
It may even be worth the investment to bring in a third-party expert to ensure your system is locked down properly. Companies that don’t have an in-house IT department should definitely summon a security professional for a threat of Mirai’s magnitude.
Businesses aren’t the only ones who must worry about Mirai. Every individual with a home network should also take measures to protect against the malicious virus. Many home routers come with a default backdoor that hackers can easily exploit. Making a network unattractive to Mirai-wielding ne’er-do-wells simply involves changing the default credentials.
Online privacy concerns and compliance
Malware is part of an ever-expanding landscape of online privacy concerns. And as legislation grows up around technological advancements, businesses need to be more cognizant of the intersection between data safekeeping and government breach regulations.
For example, did you know that in many jurisdictions, under certain circumstances, companies can be held legally and financially responsible for data breaches? So be sure to take reasonable steps to indemnify your company from possible punishment in the event of an attack.
The bottom line
Everyone needs to be aware of the threat that Mirai and its malware spawn present. Get your network shored up sooner rather than later, because the next big Mirai-rooted attack will likely cause tremendous chaos, the likes of which the world has never seen.
Read more Network Computing security-related articles:
Four Tips to Worsen Your Network Security
The Missing Piece in Cloud App Security
Five Steps to Address Cloud Security Challenges