Security researchers discovered modified versions of the Mirai and Gafgyt Internet of Things (IoT) malware that are capable of targeting vulnerabilities affecting SonicWall’s Global Management System (GMS) and Apache Struts.

Earlier this month, Palo Alto Networks’ Unit 42 found a domain hosting a variant of the Mirai botnet containing exploits for 16 separate vulnerabilities. One of those flaws was an Apache Struts vulnerability associated with a major 2017 data breach — the first time security professionals observed Mirai targeting Apache Struts, a framework used for developing web applications.

The researchers’ analysis of Mirai led them to observe that the malicious domain previously resolved to a different IP address. Further investigation revealed that the IP address intermittently hosted a version of the Gafgyt botnet containing an exploit for CVE-2018-9866, a vulnerability affecting an older version of SonicWall’s GMS.

Mirai and Gafgyt Signal Shift Toward Enterprise-Level Attacks

Both Mirai and Gafgyt have been around for some time. Even so, Unit 42 detected three new attack campaigns from the two malware families in May 2018. The offensives also leveraged vulnerabilities affecting IoT devices, but those products were all consumer-oriented. The Unit 42 researchers posited that the addition of vulnerabilities targeting Apache Struts and SonicWall’s GMS could signal a shift toward attack campaigns targeting enterprise-level devices.

How to Defend Against IoT Malware

Security professionals can protect data privacy at the workplace by creating a dedicated incident response team to remediate vulnerabilities and disclose data breaches to the public. They should also consider investing in data protection solutions and conducting gap analyses to monitor the data generated by their employer’s IoT devices.

Finally, security personnel should aim to isolate IoT devices on their own network and establish access controls between these products and critical IT resources.

Sources: Palo Alto Networks, Palo Alto Networks(1)

More from

Remote Employees: Update Your Routers (and More WFH IT Tips)

As a business owner or manager, you must ensure your employees have the right tools and resources to do their jobs well — especially with more people working from home. And IT infrastructure is one of the most important considerations regarding remote work.However, the truth is that most employees don’t think about their IT infrastructure until something goes wrong. In many cases, this can leave an employee stranded and unable to complete their tasks. In a worst-case scenario, this reactionary…

More School Closings Coast-to-Coast Due to Ransomware

Instead of snow days, students now get cyber days off. Cyberattacks are affecting school districts of all sizes from coast-to-coast. Some schools even completely shut down due to the attacks. The federal government recently warned that K-12 schools face a growing threat from cyber groups. According to the FBI, school districts often have limited cybersecurity protections, which makes them even more vulnerable. The FBI also says it anticipates the number of threats to increase. In a recent warning, the nation’s…

The Role of Human Resources in Cybersecurity

The human resources (HR) department is an integral part of an organization. They work with all departments with a wider reach than even IT. As a highly visible department, HR can support and improve an organization’s security posture through employee training. Their access to employees at the start of employment is an opportunity to lay a foundation for a culture of risk awareness. HR departments do not typically include cybersecurity risk awareness training with new hire onboarding, but it’s something…

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker…