"Son of Mirai" botnet appears

While the Mirai IoT botnet primarily targeted consumer devices using default credentials, a spiritual successor has emerged which could potentially infect devices running on enterprise networks.

Security researchers at Palo Alto Networks' Unit 42 recently discovered a new strain of botnet malware called Echobot, which is based on Mirai's source code and targets flaws in business tools.

In addition to previously targeted vulnerabilities, Echobot also tries to exploit the CVE-2019-2725 vulnerability in Oracle WebLogic Server and the CVE-2018-6961 vulnerability in VMware NSX SD-WAN to add even more machines to its botnet.

According to Palo Alto's team, those behind Echobot have expanded the malware's exploit arsenal as a way of reaching additional devices besides home routers, webcams and digital video recorders. Mirai gained notoriety for preying on consumer devices and now, Echobot and other variants have set their sights on the enterprise.

New targets

By expanding its range of targets, Echobot now poses an even greater threat than Mirai once did, and according to Akamai's Larry Cashdollar, the botnet is also trying to exploit security flaws from the past.

Cashdollar discovered that several of the malware's new exploits are for vulnerabilities that have been around for almost a decade but were never properly addressed, including the CVE-2009-5157 vulnerability found in Linksys devices and the CVE-2010-5330 vulnerability in Ubiquiti's devices.

In a blog post on Akamai's site, Cashdollar provided further insight on how Echobot is trying to exploit older vulnerabilities, saying:

“Botnet developers are always looking for ways to spread malware. They are not just relying on exploiting new vulnerabilities that target IoT devices, but vulnerabilities in enterprise systems as well. Some of the new exploits they've added are older and have remained unpatched by the vendor. It seems the updates to Echobot are targeting systems that have possibly remained in service, but whose vulnerabilities were forgotten. This is an interesting tactic as these systems if found have remained vulnerable for years and will probably remain vulnerable for many more.”

Via The Register

Anthony Spadafora