The "Son of Mirai" botnet appears.

While the Mirai IoT botnet primarily targeted consumer devices using default credentials, a spiritual successor could potentially infect devices running on corporate networks. Security researchers at Palo Alto Networks Unit 42 have recently discovered a new botnet malware strain called Echobot, based on the Mirai source code and aimed at flaws in management tools. In addition to the previously targeted vulnerabilities, Echobot also tries to exploit the CVE-2019-2725 vulnerability in Oracle WebLogic Server and the CVE-2018-6961 vulnerability in VMware NSX SD-WAN to add even more machines to its botnet. According to the Palo Alto team, those behind Echobot have extended the malware's exploitation arsenal to reach other peripherals such as home routers, web cameras, and digital video recorders. Mirai gained notoriety by targeting consumer devices, and now Echobot and other variants have turned to the enterprise.

New goals

By expanding its range of targets, Echobot now poses an even greater threat than Mirai. According to Akamai's Larry Cashdollar, the botnet is also trying to exploit past security flaws. Cashdollar found that many of the vulnerabilities newly targeted by the malware had been around for nearly 10 years but had not been adequately addressed, including the CVE-2009-5157 vulnerability found in Linksys devices and the CVE-2010-5330 vulnerability in Ubiquiti devices. In an article on Akamai's website, Cashdollar explained how Echobot is trying to exploit old vulnerabilities, stating: "Botnet developers are always looking for ways to spread malware. They don't just rely on exploiting new vulnerabilities targeting IoT devices, but also vulnerabilities in enterprise systems. Some of the new vulnerabilities they added are older and have not been fixed by the vendor. It seems that the Echobot updates are targeting systems that may have remained in service but whose vulnerabilities have been bypassed. This is an interesting tactic because these systems, if discovered, have remained vulnerable for years and likely remain so for many others."