New Mirai Variant Targets Enterprise Wireless Presentation and Display Systems (Mar 18, 2019)
Palo Alto Networks Unit 42 researchers have discovered a new variant of the "Mirai" Internet-of-Things (IoT) botnet malware. This new variant of the notorious Distributed Denial-of-Service (DDoS) malware is specifically targeting "WePresent WiPG-1000 Wireless Presentation" systems and LG "Supersign" televisions, as of this writing. Researchers note that both of these products are intended for businesses which may potentially indicate that Mirai is shifting toward enterprise-focused targeting. The new variant was also found to have new credentials added to its list to conduct brute force attacks as well as 11 new exploits to infect the aforementioned targets, among other new features. Mirai now has 26 exploits at its disposal that include various CVEs and router vulnerabilities. Researchers also found that the malware was pulling payloads from an IP address that was also distributing the "Gafgyt" information-stealing trojan.
Recommendation: Your company should ensure that all internet-connected devices and systems are properly patched and carefully monitored for suspicious activity. Additionally, Internet-of-Things (IoT) devices such as smartphones and tablets that are brought by your employees need to be viewed as a potential risk. Employees should be properly educated on how to keep their professional and personal devices properly secured and protected. Mirai is well known to infect devices that still use the default credentials, therefore, complex passwords should be implemented to avoid brute force attacks. Additionally, denial-of-service attacks can potentially cost your company a loss in revenue because severe attacks can shut down online services for extended periods of time. The availability for threat actors to compromise vulnerable devices, and purchase DDoS-for-hire is a continually evolving threat. Mitigation techniques can vary depending on the specifics of the attack.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.