September 14, 2018 By David Bisson < 1 min read

Security researchers discovered modified versions of the Mirai and Gafgyt Internet of Things (IoT) malware that are capable of targeting vulnerabilities affecting SonicWall’s Global Management System (GMS) and Apache Struts.

Earlier this month, Palo Alto Networks’ Unit 42 found a domain hosting a variant of the Mirai botnet containing exploits for 16 separate vulnerabilities. One of those flaws was an Apache Struts vulnerability associated with a major 2017 data breach — the first time security professionals observed Mirai targeting Apache Struts, a framework used for developing web applications.

The researchers’ analysis of Mirai led them to observe that the malicious domain previously resolved to a different IP address. Further investigation revealed that the IP address intermittently hosted a version of the Gafgyt botnet containing an exploit for CVE-2018-9866, a vulnerability affecting an older version of SonicWall’s GMS.

Mirai and Gafgyt Signal Shift Toward Enterprise-Level Attacks

Both Mirai and Gafgyt have been around for some time. Even so, Unit 42 detected three new attack campaigns from the two malware families in May 2018. The offensives also leveraged vulnerabilities affecting IoT devices, but those products were all consumer-oriented. The Unit 42 researchers posited that the addition of vulnerabilities targeting Apache Struts and SonicWall’s GMS could signal a shift toward attack campaigns targeting enterprise-level devices.

How to Defend Against IoT Malware

Security professionals can protect data privacy at the workplace by creating a dedicated incident response team to remediate vulnerabilities and disclose data breaches to the public. They should also consider investing in data protection solutions and conducting gap analyses to monitor the data generated by their employer’s IoT devices.

Finally, security personnel should aim to isolate IoT devices on their own network and establish access controls between these products and critical IT resources.

Sources: Palo Alto Networks, Palo Alto Networks(1)

More from

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today