September 14, 2018 By David Bisson < 1 min read

Security researchers discovered modified versions of the Mirai and Gafgyt Internet of Things (IoT) malware that are capable of targeting vulnerabilities affecting SonicWall’s Global Management System (GMS) and Apache Struts.

Earlier this month, Palo Alto Networks’ Unit 42 found a domain hosting a variant of the Mirai botnet containing exploits for 16 separate vulnerabilities. One of those flaws was an Apache Struts vulnerability associated with a major 2017 data breach — the first time security professionals observed Mirai targeting Apache Struts, a framework used for developing web applications.

The researchers’ analysis of Mirai led them to observe that the malicious domain previously resolved to a different IP address. Further investigation revealed that the IP address intermittently hosted a version of the Gafgyt botnet containing an exploit for CVE-2018-9866, a vulnerability affecting an older version of SonicWall’s GMS.

Mirai and Gafgyt Signal Shift Toward Enterprise-Level Attacks

Both Mirai and Gafgyt have been around for some time. Even so, Unit 42 detected three new attack campaigns from the two malware families in May 2018. The offensives also leveraged vulnerabilities affecting IoT devices, but those products were all consumer-oriented. The Unit 42 researchers posited that the addition of vulnerabilities targeting Apache Struts and SonicWall’s GMS could signal a shift toward attack campaigns targeting enterprise-level devices.

How to Defend Against IoT Malware

Security professionals can protect data privacy at the workplace by creating a dedicated incident response team to remediate vulnerabilities and disclose data breaches to the public. They should also consider investing in data protection solutions and conducting gap analyses to monitor the data generated by their employer’s IoT devices.

Finally, security personnel should aim to isolate IoT devices on their own network and establish access controls between these products and critical IT resources.

Sources: Palo Alto Networks, Palo Alto Networks(1)

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today