A couple of years ago the Mirai botnet put thousands of system administrators in trouble before being dismantled; however, website security audit experts claim that malware developers keep using this source code as the basis for new variants of the botnet to exploit Internet of Things (IoT) devices.
New versions of the botnet appear with a
threatening frequency, launching massive attacks against smart devices around
the world, either exploiting known vulnerabilities or bypassing the basic
security measures of these devices.
One of the latest versions of Mirai botnet has
been identified as Echobot. Website security audit experts from the firm Palo
Alto Networks reported for the first time the activity of this botnet in early
June; over the past few days, reports on the activity of this malware have
multiplied.
Echobot does not present profound changes to
the original Mirai source code, but follows the trend of just adding some new modules.
Website security audit experts mentioned that, at the time of detection,
Echobot had exploits for 18 different vulnerabilities; 26 different exploits
were detected in the latest report.
“A noteworthy feature not only in Echo,
but in multiple botnets today, is exploiting vulnerabilities in enterprise
environments; hackers not only attack devices with an integrated operating
system (routers, surveillance cameras, etc.), but now their primary target is
enterprise software implementations, such as Oracle WebLogic, to deploy malware“,
specialists mention.
According to the experts from the International
Cyber Security Institute (IICS), the list of exploits integrated in Echobot is
varied enough to try to reach any flaws present in the targeted system.
This method is not unique to Echobot, although
experts consider the way the malware authors have decided to integrate the
exploits has not been random. Although in the testing stages of a botnet
developers can choose some exploits at random, only those that demonstrate
greater effectiveness or greater scope due to the type of vulnerability
exploited will be integrated into the final version of the code.
