Mirai: Not Just For IoT Anymore
Botmasters have taken the lessons from developing Internet of Things (IoT) malware and shifted their focus to targeting commodity Linux servers. Like many IoT devices, unpatched Linux servers linger on the network, and are being abused at scale by attackers sending exploits to every vulnerable
In response to these findings that a new Mirai variant is targeting x86 Linux servers running Hadoop YARN (Yet Another Resource Negotiator) rather than IoT devices, a cybersecurity expert with Corero offers insight.
Sean Newman, Director Product Management, Corero Network Security
“Although smaller damaging attacks are happening all the time, we haven’t seen a significant sized DDoS attack since Memcached back in February this year. This has mainly been attributed to the rise in popularity of cryptocurrency mining, as a more immediately profitable use of hijacked CPU resource, but you just knew it would only be a matter of time before the next potential source of large-scale DDoS attacks came out of the shadows. DDoS is just too lucrative for the cyber criminals, either directly, or renting it out as a service, for this to go away any time soon, if at all.
With this latest vector leveraging exposed servers, as was also the case with Memcached, it may suggest a trend away from relying on the easy to compromise, but low powered, IoT devices that were famously brought into the limelight by the Mirai botnet. However, whatever the source of the attacks, this continues to reinforce the importance of having dedicated DDoS protection in place, as part of a comprehensive layered defense strategy.”