A couple of years ago, the Mirai botnet caused trouble for thousands of system administrators before being dismantled; however, website security audit experts claim that malware developers keep using its source code as the basis for new botnet variants that exploit Internet of Things (IoT) devices.
New versions of the botnet appear with alarming frequency, launching massive attacks against smart devices around the world, either by exploiting known vulnerabilities or by bypassing the basic security measures of these devices.
One of the latest versions of the Mirai botnet has been identified as Echobot. Website security audit experts from Palo Alto Networks first reported this botnet's activity in early June; over the past few days, reports on this malware's activity have multiplied.
Echobot does not make profound changes to the original Mirai source code; it follows the trend of simply adding new modules. Website security audit experts mentioned that, at the time of detection, Echobot had exploits for 18 different vulnerabilities; 26 different exploits were detected in the latest report.
“A noteworthy feature not only in Echo, but in multiple botnets today, is exploiting vulnerabilities in enterprise environments; hackers not only attack devices with an integrated operating system (routers, surveillance cameras, etc.), but now their primary target is enterprise software implementations, such as Oracle WebLogic, to deploy malware,” the specialists mention.
According to experts from the International Cyber Security Institute (IICS), the list of exploits integrated into Echobot is varied enough to try to reach any flaws present in the targeted system.
This method is not unique to Echobot, but experts consider that the exploits the malware authors decided to integrate were not picked at random. While developers may choose some exploits at random during a botnet's testing stages, only those that prove more effective, or that have greater scope because of the type of vulnerability exploited, are integrated into the final version of the code.