TechRadar
Sead Fadilpašić

A new botnet is spreading Mirai across the world, with thousands of devices affected

Cybersecurity researchers have spotted a new campaign to bring additional endpoints into the Mirai botnet. 

According to a blog post from Akamai Security Intelligence Response Team (SIRT), unidentified threat actors discovered two new zero-day vulnerabilities and are currently exploiting them to strengthen the infamous DDoS botnet.

Given that the zero-days are yet to receive a patch, Akamai was careful not to give out too much information and point even more hackers in the right direction.


Weak credentials

“Although this information is limited, we felt it was our responsibility to alert the community about the ongoing exploitation of these CVEs in the wild. There is a thin line between responsible disclosing information to help defenders, and oversharing information that can enable further abuse by hordes of threat actors,” the company stressed.

All the researchers said is that the attackers found the flaws in at least one model of a network video recorder, as well as in an “outlet-based wireless LAN router built for hotels and residential applications.” The manufacturer is a Japanese firm that “produces multiple switches and routers”.

As for the specifics of the vulnerability itself, it was found in a “very common” feature, which led the researchers to speculate that other router models sold by the same manufacturer might have it, too. 

The flaws grant remote code execution (RCE) abilities, and while those are currently used to drop Mirai, they could be used for virtually any other malware out there. The silver lining is that in order to abuse the flaw, the attacker first needs some form of authentication. That’s why the attackers seem to be going for endpoints with weak or non-existent credentials. Those with passwords such as “password” or “password1” are the first in line to be compromised. 

Akamai notified both manufacturers of the discovered flaws, and while one acknowledged the findings and promised a patch next month, the other one is silent. The status of that patch is currently unknown.
