>>5783168 lb
Palo Alto Networks merged with CenturyLink when that power outage happened recently.
The pic used for this article is the Dark Overlordish.
What Is the Mirai Botnet, and How Can I Protect My Devices?
Josh Hendrickson @canterrain March 19, 2019, 6:40am EDT
On March 18, 2019, security researchers at Palo Alto Networks unveiled that Mirai has been tweaked and updated to accomplish the same goal on a larger scale. The researchers found Mirai was using 11 new exploits (bringing the total to 27), and a new list of default admin credentials to try. Some of the changes target business hardware, including LG Supersign TVs and WePresent WiPG-1000 wireless presentation systems.
Mirai can be even more potent if it can take over business hardware and commandeer business networks. As Ruchna Nigam, a Senior Threat Researcher with Palo Alto Networks, puts it:
These new features afford the botnet a large attack surface. In particular, targeting enterprise links also grants it access to larger bandwidth, ultimately resulting in greater firepower for the botnet for DDoS attacks.
This variant of Mirai continues to attack consumer routers, cameras, and other network-connected devices. For destructive purposes, the more devices infected, the better. Somewhat ironically, the malicious payload was hosted on a website promoting a business that dealt with “Electronic security, integration and alarm monitoring.”
Mirai Is a Botnet That Attacks IoT Devices
If you don’t remember, in 2016 the Mirai botnet seemed to be everywhere. It targeted routers, DVR systems, IP Cameras and more. These are often called Internet of Things (IoT) devices and include simple devices like thermostats that connect to the internet. Botnets work by infecting groups of computers and other Internet-connected devices and then forcing those infected machines to attack systems or work on other goals in a coordinated fashion.
Mirai went after devices with default admin credentials, either because no one changed them or because the manufacturer hardcoded them. The botnet took over a massive number of devices. Even if most of the systems weren’t very powerful, the sheer numbers could work together to achieve more than a powerful zombie computer could on its own.
Mirai took over nearly 500,000 devices. Using this grouped botnet of IoT devices, Mirai crippled services like Xbox Live and Spotify and websites like BBC and GitHub by targeting DNS providers directly. With so many infected machines, Dyn (a DNS provider) was taken down by a DDoS attack that saw 1.1 terabytes of traffic. A DDoS attack works by flooding a target with a massive amount of internet traffic, more than the target can handle. This will bring the victim’s website or service to a crawl or force it off the internet entirely.
The original creators of the Mirai botnet software were arrested, pleaded guilty, and were given terms of probation. For a time, Mirai was shut down. But enough of the code survived for other bad actors to take over Mirai and alter it to fit their needs. Now there’s another variant of Mirai out there.
How to Protect Yourself From Mirai
Mirai, like other botnets, uses known exploits to attack devices and compromise them. It also tries to use known default login credentials to work into the device and take it over. So your three best lines of protection are straightforward.
Always update the firmware (and software) of anything you have in your home or workplace that can connect to the internet. Hacking is a cat and mouse game, and once a researcher discovers a new exploit, patches follow to correct the problem. Botnets like this thrive on unpatched devices, and this Mirai variant is no different. The exploits targeting the business hardware were identified last September and in 2017.
https://www.howtogeek.com/408036/what-is-the-mirai-botnet-and-how-can-i-protect-my-devices/
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
https://www.channelpartnersonline.com/2018/12/18/centurylink-unveils-advanced-security-service-with-palo-alto-networks/