Mirai heads to the smart office

The latest variant of the Mirai botnet is out – and this time it is looking for vulnerable smart devices in the workplace. Two of the 11 newest exploits added to this malware bundle target smart devices found more commonly in the office than the home. But don’t relax: it hasn’t forgotten any of its older tricks.

Mirai lives on

When it comes to smart IoT devices taking over the internet, Mirai is the definitive trendsetter botnet. It burst onto the internet in 2016 with two of the biggest DDoS attacks yet recorded. The sheer size of these attacks was a contrast to the insignificant devices that pulled them off – an army of hijacked surveillance cameras and other IoT devices. Most of these devices were insecure by definition, were not password-protected, or were installed with the default settings left intact. With the authorities on their tails, the Mirai authors released their source code to the public, perhaps hoping that a barrage of copycat attacks would make it easier to hide. That strategy didn’t work, but it did give other hackers a starting point for coding their own new and improved botnet-building malware.

Botnets learn to love the smart office

As shown by Unit 42, the two notable newcomers to the Mirai exploit kit are the WePresent WiPG-1000 Wireless Presentation system and the LG Supersign TV. There is a clear commercial logic to their inclusion. After all, if a Mirai botnet is going to pick an army of devices to knock others off the internet with a DDoS attack, it might as well grab devices with more substantial bandwidth behind them than the average toaster. While these devices might also be better protected than a smart fitness device, the benefits from misusing that bandwidth could more than make up the difference.

It really is an exploit kit

Traditionally, exploit kits are thought of as Windows-specific shopping lists for the bad guys. They shop around, looking for vulnerable devices, and go into action when they see a hole. And as the latest Chrome/Windows zero-day showed, sometimes they can combine exploits for even greater effectiveness. Armed with 27 exploits, this latest Mirai variant is taking that “strength in numbers” perspective. Users – whether businesses or individuals – who leave open ports exposed and do not patch devices regularly make it an even easier task.

Is my ______ on that list?

The name of my router manufacturer was mentioned on the list of exploits and vulnerabilities – but I’m still not sure if my precise device model was there. After all, that manufacturer makes lots of well-known devices. This ambiguity over device security is a significant security risk all by itself. In my specific case, router WiFi settings are managed on a different computer. It was about a year ago when I checked to see if the device was fully patched. Finally, the router is safely guarded by an array of spiders and I don’t want to disturb them. I suspect that many people have a similar connection to the care and nurturing of their router.

Get smart with your home and office devices

The same security recommendations apply to IoT devices at home or in the office – it’s just that the consequences might be more catastrophic for a firm:

  1. Know what devices are on your network.
  2. Change those default passwords.
  3. Check if your devices are up to date on their patches.
  4. If you have devices where you aren’t sure what the password is or if it is patched at all, think about junking it.
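
The checklist above, run over a device inventory, as an added example that is not part of the original article: the inventory records, the 180-day patch threshold and the audit date are constructed, and the only device names taken from the article are the WePresent WiPG-1000 and LG Supersign TV. A vendor match with no recorded model is reported separately, since that is the ambiguity described under “Is my ______ on that list?”.

```python
from datetime import date

# Device families the article names as new targets; the vendor/model split
# and matching rule are this example's assumptions.
WATCHLIST = {("wepresent", "wipg-1000"), ("lg", "supersign")}
MAX_PATCH_AGE_DAYS = 180  # assumed policy threshold, not from the article

# Constructed inventory (step 1). None means "nobody knows".
INVENTORY = [
    {"name": "boardroom-presenter", "vendor": "WePresent", "model": "WiPG-1000",
     "default_password": False, "last_patched": date(2019, 2, 1)},
    {"name": "lobby-signage", "vendor": "LG", "model": "Supersign TV",
     "default_password": True, "last_patched": date(2018, 6, 10)},
    {"name": "break-room-tv", "vendor": "LG", "model": None,
     "default_password": None, "last_patched": None},
    {"name": "door-camera", "vendor": "ExampleCam", "model": "EC-200",
     "default_password": False, "last_patched": date(2019, 3, 1)},
]

def audit(device, today):
    """Return the checklist findings for one inventory record."""
    findings = []
    vendor = (device["vendor"] or "").lower()
    model = (device["model"] or "").lower()
    if any(vendor == v and m in model for v, m in WATCHLIST):
        findings.append("model-on-target-list")
    elif not model and any(vendor == v for v, _ in WATCHLIST):
        # Vendor is listed but the exact model is unknown: needs a manual check.
        findings.append("vendor-match-model-unknown")
    if device["default_password"] is True:       # step 2
        findings.append("default-password")
    elif device["default_password"] is None:
        findings.append("password-state-unknown")
    patched = device["last_patched"]             # step 3
    if patched is None:
        findings.append("patch-state-unknown")
    elif (today - patched).days > MAX_PATCH_AGE_DAYS:
        findings.append("patch-stale")
    # Step 4: unknown password or patch state makes it a candidate to retire.
    if any(f.endswith("-state-unknown") for f in findings):
        findings.append("consider-replacing")
    return findings

def report(inventory, today):
    """Map device name to findings; an empty list means nothing to fix."""
    return {d["name"]: audit(d, today) for d in inventory}

if __name__ == "__main__":
    for name, findings in report(INVENTORY, date(2019, 3, 20)).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```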

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.