New Mirai Botnet Variant Found Targeting ZyXEL Devices In Argentina

While tracking botnet activity on their honeypot traffic, security researchers at Chinese IT security firm Qihoo 360 Netlab found a new variant of Mirai—the well-known IoT botnet malware that wreaked havoc last year.

Last week, researchers noticed an increase in traffic scanning ports 2323 and 23 from hundreds of thousands of unique IP addresses from Argentina in less than a day.

The targeted port scans are actively looking for vulnerable internet-connected devices manufactured by ZyXEL Communications using two default telnet credential combinations—admin/CentryL1nk and admin/QwestM0dem—to gain root privileges on the targeted devices.
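For defenders who run their own telnet honeypot or log telnet logins at the perimeter, the pattern described above can be counted directly. This is an added example, not code from Netlab or the original article; the log line format and the `summarize` helper are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Telnet ports and default credential pairs named in the article.
TELNET_PORTS = {23, 2323}
WATCHED_CREDS = {("admin", "CentryL1nk"), ("admin", "QwestM0dem")}

# Assumed log format (hypothetical): one telnet login attempt per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+) "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*)$"
)

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
2017-11-22T11:00:01Z src=192.0.2.10 dport=2323 user=admin pass=CentryL1nk
2017-11-22T11:00:03Z src=192.0.2.10 dport=23 user=admin pass=QwestM0dem
2017-11-22T11:00:07Z src=198.51.100.7 dport=23 user=admin pass=CentryL1nk
2017-11-22T11:00:09Z src=203.0.113.5 dport=23 user=root pass=example123
2017-11-22T11:00:12Z src=203.0.113.9 dport=22 user=admin pass=CentryL1nk
malformed line that the parser must skip
"""

def summarize(log_text):
    """Count unique sources per telnet port that tried a watched credential pair."""
    sources = defaultdict(set)   # port -> set of source IPs
    attempts = defaultdict(int)  # (user, password) -> number of attempts
    skipped = 0                  # lines that did not match the assumed format
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        port, cred = int(m["dport"]), (m["user"], m["pw"])
        # Only telnet ports combined with the two ZyXEL default pairs count.
        if port in TELNET_PORTS and cred in WATCHED_CREDS:
            sources[port].add(m["src"])
            attempts[cred] += 1
    return {
        "unique_sources": {p: sorted(s) for p, s in sources.items()},
        "attempts": dict(attempts),
        "skipped": skipped,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A sudden rise in the number of unique sources per port is the signal the researchers describe; the per-credential counts show which of the two default pairs is being tried.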

Researchers believe (instead "quite confident") this ongoing campaign is part of a new Mirai variant that has been upgraded to exploit a newly released vulnerability (identified as CVE-2016-10401) in ZyXEL PK5001Z modems.

"ZyXEL PK5001Z devices have zyad5001 as the su (superuser) password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP’s deployment of these devices)," the vulnerability description reads.

Mirai is the same IoT botnet malware that knocked major Internet companies offline last year by launching massive DDoS attacks against Dyndns, crippling some of the world's biggest websites, including Twitter, Netflix, Amazon, Slack, and Spotify.

Mirai-based attacks experienced a sudden rise after someone publicly released its source code in October 2016. Currently, there are several variants of the Mirai botnet attacking IoT devices.

The biggest threat of having the source code of any malware in public is that it could allow attackers to upgrade it with newly disclosed exploits according to their needs and targets.

"For an attacker that finds a new IoT vulnerability, it would be easy to incorporate it into the already existing Mirai code, thus releasing a new variant," Dima Beckerman, security researcher at Imperva, told The Hacker News.

"Mirai spread itself using default IoT devices credentials. The new variant adds more devices to this list. Still, we can’t know for sure what other changes were implemented into the code. In the future, we might witness some new attack methods by Mirai variants."

This is not the very first time that the Mirai botnet has targeted internet-connected devices manufactured by ZyXEL. Exactly a year before, millions of Zyxel routers were found vulnerable to a critical remote code execution flaw, which was exploited by Mirai.

Secure Your (Easily Hackable) Internet-Connected Devices


1. Change Default Passwords for your connected devices: If you own any internet-connected device at home or work, change its default credentials. Keep in mind: Mirai malware scans for default settings.

2. Disable Remote Management through Telnet: Go into your router’s settings and disable remote management protocol, specifically through Telnet, as this is a protocol used to allow one computer to control another from a remote location. It has also been used in previous Mirai attacks.

3. Check for Software Updates and Patches: Last but not the least—always keep your internet-connected devices and routers up-to-date with the latest firmware updates and patches.