Unit 42 security researchers at Palo Alto Networks have released a new report showing that new variants of the Mirai and Gafgyt botnet malware are exploiting new vulnerabilities in Internet of Things (IoT) devices.
The expert team says these are the IoT botnets associated with the distributed denial-of-service (DDoS) attacks that began in 2016, including the notorious Equifax case, in which 143 million users had their data compromised by hackers.
According to the report, botnets are a real disaster for affected organizations and businesses because attackers can exploit their vulnerable devices and use them to generate illegal traffic that attacks their services on the Internet.
In the case of Mirai, the botnet was used to take online services offline in the US, and new variants have emerged since its arrival. Gafgyt, also called BASHLITE, is in turn associated with the attack on more than 1 million IoT devices since its source code was leaked in 2015.
The researchers now claim that a new variant of Mirai adds exploits targeting at least 16 vulnerabilities, the most notable of which is CVE-2017-5638 in Apache Struts, the flaw that enabled the theft of Equifax data. This seems to be the first documented example of Mirai exploiting this vulnerability. The new Mirai variant also targets security flaws in Linksys E-series routers, D-Link routers (remote code execution) and Zyxel routers.
The new variant of Gafgyt, on the other hand, focuses on a recently discovered security flaw affecting SonicWall Global Management System (GMS) versions 8.1 and later that allows remote code execution.
In short, the Palo Alto Networks report states that these new variants show hackers taking a greater interest in enterprise IoT devices that run outdated software versions.