The Mirai botnet has continued to grow in 2019, with researchers at IBM X-Force estimating that its activity has almost doubled in a year. The IoT-focused malware was discovered in 2019 when it was used for one of the biggest DDoS attacks in history. It brought down Dyn DNS and with it Netflix, PayPal, and Twitter, and spread with the help of Windows.
Now, IBM researchers say it's found a renewed presence in the enterprise. With 63 variants of Mirai now in the wild, it has grown beyond its creator's intentions, and enterprise is a natural target for disruption.
“For enterprise-level network administrators, Mirai malware has been considered more of a nuisance than anything else, given the assumption that the attackers were going after home-based products such as smart home devices, lighting fixtures, thermostats, home security systems, and cameras, rather than corporate network endpoints,” said IBM. “However, in reality, enterprise networks are also susceptible to DDoS attacks from the Mirai botnet if they host connected devices that are less secure or use default credentials.”
The Mirai Threat is Evolving
The botnets are apparently using a wider range of payloads for more victims and hardware types. A range of clones have also risen, mimicking the original infection techniques, while IBM is seeing botnets aimed at dropping crypto miners and backdoors via enterprise IoT.
The most attacked industries appear to be information and insurance services. However, Mirai campaigns generally cast a wide net, so it could be more due to the prevalence of IoT devices in such companies than anything else.
Mirai's co-creator was hit with an $8.6 million fine last October and was ordered to stay confined to his home for six months. Unfortunately, the action has done little to prevent the spread of the botnet, as others have taken on its tactics and automated nature.
“Since this activity is highly automated, there remains a strong possibility of large-scale infection of IoT devices in the future,” warns IBM. “Additionally, threat actors are continuing to expand their targets to include new types of IoT devices and may start looking at industrial IoT devices or connected wearables to increase their footprint and profits.”