Apache Struts & SonicWall’s GMS exploits key targets of Mirai & Gafgyt IoT malware

Apache Struts & SonicWall’s GMS exploits key targets of Mirai & Gafgyt IoT malware

Security researchers at Palo Alto Networks’ Unit 42 have discovered modified versions of the notorious Mirai and Gafgyt Internet of Things (IoT) malware. The malware have the capability of targeting flaws that affect Apache Struts and SonicWall Global Management System (GMS).

Moreover, the Unit 42 researchers also discovered new versions of Mirai and Gafgyt (aka BASHLITE) botnets, which were used to launch DDoS attacks. The malware were responsible for causing massive, unprecedented destruction around the globe back in November 2016.

The malware were discovered earlier this month on a domain that was hosting a Mirai botnet variant. The domain contained exploits for around 16 different vulnerabilities, one of which was Apache Struts vulnerability. This particular vulnerability was identified in a 2017 data breach but it is the very first time that Mirai is targeting Apache Struts framework. It is worth noting that Apache Struts is used for web applications development.

After keenly observing Mirai botnet, researchers identified that the malicious domain had a different IP address previously. This IP address was hosting Gafgyt botnet and contained an exploit for a vulnerability that has been classified as CVE-2018-9866. This vulnerability can affect the old version of SonicWall GMS.

The new version of Mirai can target the same vulnerability in Apache Struts that was previously linked with the Equifax data breach in 2017. Conversely, the new Gafgyt version is capable of targeting old and unsupported versions of SonicWall GMS. This means, the IoT botnets are now focusing more on targeting older and outdated versions of enterprise devices.

Mirai variant samples were identified on Sep 7, 2018, by the Unit 42 researchers. SonicWall has already been notified about the exploits targeting its GMS. Both the malware have been around for years and this year, Unit 42 has already detected three new attack campaigns involving the two malware families. This time, the malware are not only exploiting vulnerable IoT devices but also consumer-oriented devices too.

It is very important for organizations to not only update and patch their systems but IoT devices too on a regular basis. Security professionals need to create dedicated incident response team to mitigate the threat and protect data privacy by remediating vulnerabilities.

Also, they should invest in carrying out gap analyses as well as the implementation of reliable data protection solutions to track the data being generated by installed IoT devices. Furthermore, for optimal security, IoT devices must be isolated on the enterprise’s network and access controls must be established between these devices and key IT resources.

Related Posts