According to Netscout's Arbor Security Engineering and Response Team (ASERT), cybercriminals continue to improve the feared IoT botnet Mirai, adding new exploits and functionality.
The Mirai botnet is changing drastically every day, and new versions have appeared in recent days. Within a few months, experts have identified at least four Mirai variants, namely Satori, JenX, OMG and Wicked.
Vxers are using the Mirai source code that was leaked in the past to create their own versions. This new trend is alarming security experts.
“Using Mirai as a framework, botnet authors can quickly add in new exploits and functionally, thus dramatically decreasing the development time for botnets. The Mirai source is not limited to only DDoS attacks. A variant of Satori was discovered which attacks Ethereum mining clients.” states the report published by Netscout.
Below are the main findings for the new Mirai variants:
- The JenX bot evolved from Mirai to include similar coding, but authors removed scanning and exploitation capabilities.
- The OMG bot adds HTTP and SOCKS proxy capabilities.
- The Wicked Mirai exploits RCE flaws to infect Netgear routers and CCTV-DVR devices. When vulnerable devices are found, a copy of the Owari bot is downloaded and executed.
Criminals will continue to use Mirai variants to build large botnets. For this reason, experts recommend that organizations apply the appropriate patches, updates and DDoS mitigation strategies to protect their infrastructure.
“As seen with the four samples covered above, botnet authors are already using the Mirai source code as their building blocks. As the explosion of IoT devices does not look to be slowing down, we believe we’ll continue to see increases in IoT botnets.” concluded the report.
“We are likely to see remnants of Mirai live on in these new botnets as well.”
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.