IoT worm MIRAI variants are increasingly inclined to infect corporate intranets

IoT worm MIRAI variants

The MIRAI IoT worm, which was open source two years ago, is mutating at a very high rate and infecting a large number of IoT devices worldwide.

Infected IoT devices are mainly such that the security of such devices is poorly fixed. For MIRAI, only the parameters need to be modified to infect.

Over time, the variants of MIARI have become more and more appetising, and these variants are no longer targeting the central household equipment.


Infecting the corporate network is an excellent choice:

The latest version of the MIRAI variant that is currently being discovered is targeting enterprise networks, which are not the Internet of Things devices but use their servers.

This MIARI variant of the botnet is mainly infected by the vulnerability of Apache Struts, which was fixed in time after it was discovered last year.

However, many servers have not fixed the vulnerability so far, so there is a hidden danger. The MIRAI variant is a downtime exploit to infect the internal server of the enterprise.

Launch an attack or collect information:

Most of these enterprise servers that are currently infected are only used to expand the hacker’s botnet to act as an appliance to initiate traffic attacks when needed.

But what is worrying is that MIRAI can also gain privileges when these servers are infected, that is, hackers can also use to install other backdoor programs and so on.

Therefore, even when necessary, even hackers can obtain the file information on the server. For the enterprise, if the confidential information is leaked, the loss may be even more significant.

Via: paloaltonetworks