
The evolution of Mirai could spell trouble for Windows business and home users

March 1, 2017

Posted by: Avadhoot Patil

The infamous Mirai malware is now capable of targeting Windows systems, according to researchers at an antivirus firm. The original version of the malware was discovered in August 2016 and was used by cybercriminals to create botnets of infected Internet of Things (IoT) devices.

These botnets conducted distributed denial of service (DDoS) attacks against some rather large targets, says Richard Meeus, VP Technology at NSFOCUS IB, including internet infrastructure giant DYN. In the latest development of Mirai, researchers at Dr. Web have shown that a Windows Trojan (Trojan.Mirai.1) is capable of targeting Windows systems, scanning them for evidence of connected devices running Linux, and laterally infecting those devices with the Mirai malware.

The use of Windows to distribute Mirai means that it has now established a foothold in private networks. Previously, IoT devices that were not connected directly to the Internet were not thought to be as heavily at risk as those that were. However, with the trojan’s ability to jump that gap, and because Windows is ever-present in many homes and businesses, Mirai now has a new vehicle to infect even more devices.
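One way a defender could look for the lateral behaviour described above in internal firewall or flow logs, as an added example that is not from the original article or from Dr. Web: it flags any internal host that contacts several internal devices on remote-management ports within a short window. The log format, the port set (SSH 22, Telnet 23/2323), the threshold and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: remote-management ports often left open on Linux-based IoT devices.
MGMT_PORTS = {22, 23, 2323}
FANOUT_THRESHOLD = 5  # assumed: distinct internal targets before a host is flagged

# Constructed sample records, format: "epoch src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
1488326400 192.168.1.20 192.168.1.101 23 ALLOW
1488326401 192.168.1.20 192.168.1.102 23 DENY
1488326402 192.168.1.20 192.168.1.103 2323 DENY
1488326403 192.168.1.20 192.168.1.104 23 ALLOW
1488326404 192.168.1.20 192.168.1.105 23 DENY
1488326405 192.168.1.30 192.168.1.101 22 ALLOW
1488326500 192.168.1.30 192.168.1.102 22 ALLOW
1488326410 192.168.1.20 8.8.8.8 53 ALLOW
garbage line
"""

def find_lateral_scanners(flow_text, window=60, threshold=FANOUT_THRESHOLD):
    """Map each internal source to the internal devices it fanned out to."""
    events = defaultdict(list)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        try:
            ts, port = int(parts[0]), int(parts[3])
            internal = all(ipaddress.ip_address(p).is_private for p in parts[1:3])
        except ValueError:
            continue
        # Only internal-to-internal traffic on management ports is of interest.
        if internal and port in MGMT_PORTS:
            events[parts[1]].append((ts, parts[2]))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window so it spans at most `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            targets = {dst for _, dst in hits[start:end + 1]}
            if len(targets) >= threshold:
                flagged[src] = sorted(targets)
                break
    return flagged

if __name__ == "__main__":
    print(find_lateral_scanners(SAMPLE_FLOWS))
```

In the sample, the workstation at 192.168.1.20 is flagged, while 192.168.1.30, which reaches only two devices over SSH, is not.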

Home users and businesses alike need to practice good security on any devices they bring into their home or office. Just because an IoT device doesn’t have a keyboard doesn’t mean it is any less susceptible to hacks.

Whether it is a robot reading stories to children, a webcam designed to monitor your pets, or web-enabled TVs in boardrooms, if they have connectivity to the Internet, they can be attacked.

People need to understand that as soon as they install a new device that is Wi-Fi enabled, they need to change the default password of that device. Mirai relies on a large table of IoT devices with known factory settings, including default passwords, so this is a simple and easy fix.

With the new variant targeting Windows, ensuring antivirus software is up to date is a must. Businesses should ensure their firewalls and edge security devices have the latest intelligence that includes signatures for the latest Mirai malware.

The Mirai strain of malware looks poised to become the ‘new normal’ for 2017. As such, home and business users alike must take proper precautions to ensure their devices are not participating in crippling DDoS attacks against others.

If residential and commercial users do not protect themselves from Mirai, they could see their IP address listed as “malicious” on threat intelligence feeds. Once your IP address(es) find their way onto these lists, it’s very difficult to get them removed.

The author of this blog is Richard Meeus, VP Technology at NSFOCUS IB
