The Download
A recent variant of the Mirai botnet has emerged, targeting industrial routers and smart home devices by exploiting zero-day vulnerabilities. Notably, it leverages CVE-2024-12856, a flaw in Four-Faith industrial routers, and employs custom exploits for Neterbit routers and Vimar smart home devices. This botnet, active since February 2024, has approximately 15,000 daily active nodes, primarily in China, the U.S., Russia, Turkey, and Iran. Its primary function is to execute distributed denial-of-service (DDoS) attacks for profit, with activity peaking in October and November 2024.
What You Can Do
To mitigate these threats, IT administrators should promptly apply firmware updates and patches provided by device manufacturers, especially for Four-Faith, Neterbit, and Vimar devices. Implementing network segmentation can limit the spread of infections by isolating vulnerable devices from critical network components. Regularly monitoring network traffic for unusual patterns can aid in early detection of compromised devices. Additionally, changing default device credentials and disabling unnecessary services can reduce the attack surface, making it more difficult for botnets like Mirai to infiltrate and propagate within the network.
Use ThreatMate to continously monitor your attack surfaces. Sign up for a demo today.
To Learn More: