New Mirai Botnet Variant Targets IoT Devices


A new variant of the well-known Mirai botnet has been identified as IZ1H9. This variant specifically targets Internet of Things (IoT) devices that operate on the Linux platform. What sets IZ1H9 apart is its unique capability to cannibalize devices already infected with previous versions of the Mirai botnet.

The actions of IZ1H9’s creators suggest an intent to gain control over a vast network of IoT devices in order to execute powerful Distributed Denial of Service (DDoS) attacks. Such attacks render targeted online services, like websites, inaccessible by flooding them with an overwhelming amount of traffic.

IZ1H9 employs HTTP, SSH, and Telnet protocols to infect devices. It is equipped with a unique function that ensures only one instance of this malware operates on a device at a time. If another botnet process is detected, IZ1H9 terminates it, allowing it to erase not just other botnet families but also other variants of Mirai from the device.
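Because the post names HTTP, SSH and Telnet as the infection vectors, a defender's first check is whether any IoT device on the local network accepts those services from the Internet at all. The script below is an added example, not code from the post or from Acreto: it parses constructed firewall log lines (an assumed `ACCEPT/DROP src= dst= proto= dport=` format) and reports each local device reached from a non-local source over the standard ports 22, 23 and 80 (an assumption, since a device may expose these services elsewhere).

```python
import ipaddress
import re
from collections import defaultdict

# Standard ports of the three protocols the post names as IZ1H9 infection
# vectors (assumption: a device may expose these services on other ports).
VECTOR_PORTS = {22: "ssh", 23: "telnet", 80: "http"}

# RFC 1918 ranges treated as "inside"; everything else is treated as Internet.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall log lines (not from the post or any real device).
SAMPLE_LOG = """\
2023-05-10T12:00:01Z ACCEPT src=203.0.113.5 dst=192.168.10.21 proto=tcp dport=23
2023-05-10T12:00:02Z ACCEPT src=203.0.113.5 dst=192.168.10.22 proto=tcp dport=23
2023-05-10T12:00:03Z ACCEPT src=198.51.100.9 dst=192.168.10.21 proto=tcp dport=22
2023-05-10T12:00:04Z ACCEPT src=192.168.10.5 dst=192.168.10.21 proto=tcp dport=80
2023-05-10T12:00:05Z ACCEPT src=203.0.113.5 dst=192.168.10.23 proto=tcp dport=443
2023-05-10T12:00:06Z DROP src=203.0.113.7 dst=192.168.10.21 proto=tcp dport=80
"""

LINE_RE = re.compile(r"^\S+ (?P<action>ACCEPT|DROP) src=(?P<src>\S+) "
                     r"dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$")

def is_local(ip):
    return any(ip in net for net in LOCAL_NETS)

def inbound_vector_exposure(log_text):
    """Return {device_ip: {service: count}} for accepted TCP sessions that reach
    a local device over SSH/Telnet/HTTP from a non-local source. Dropped
    sessions, internal traffic and other ports are ignored."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ACCEPT" or m["proto"] != "tcp":
            continue
        service = VECTOR_PORTS.get(int(m["dport"]))
        if service is None:
            continue
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        if is_local(src) or not is_local(dst):
            continue
        hits[str(dst)][service] += 1
    return {dev: dict(svc) for dev, svc in hits.items()}

if __name__ == "__main__":
    for dev, svcs in sorted(inbound_vector_exposure(SAMPLE_LOG).items()):
        print(f"{dev}: reachable from the Internet over {', '.join(svcs)}")
```

Any device listed in the output has exactly the exposure the post's "eliminate the Internet attack surface" point is about and should be firewalled or segmented before it is found by a scan.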

This Mirai variant has been tracked since August 2018. Research revealed that a single threat actor has been actively deploying IZ1H9 since November 2021, but the campaign was not spotted until mid-April of this year. During that campaign, the threat actor targeted endpoints already infected with Mirai in order to replace the previous iterations with IZ1H9.

The emergence of this new Mirai variant brings with it severe implications. Its focus on IoT devices, many of which are not updated or may not have the capability to be updated, means there is significant potential for widespread compromise.

Acreto Solution

Acreto’s innovative solution offers a comprehensive approach to tackle cyber threats such as the Mirai IZ1H9 variant, specifically designed for complex environments that involve various types of devices and network configurations.

  • Ecosystems: Acreto’s Ecosystems can limit access to a specific application, use-case, project, or third-party, delivering a dedicated security infrastructure that supports any technology, on any network, anywhere in the world. This includes not only conventional devices like computers and mobile phones but also IoT devices and third-party applications. Such an approach could effectively mitigate threats like IZ1H9, confining its spread within a limited ecosystem and preventing it from infecting other systems.

  • Elimination of Internet and Internal Attack Surfaces: Acreto’s solution eliminates any and all access from the Internet, which is instrumental in curbing the spread of IZ1H9, since the malware relies on the HTTP, SSH, and Telnet protocols. By utilizing micro-segmentation and nano-segmentation, Acreto isolates individual systems, groups of systems on a shared network, or the entire network, limiting access only to systems that need to interoperate together.

  • Encrypted Secure Scan: The Encrypted Secure Scan feature decrypts, scans, and re-encrypts communications inline and in real-time. This feature can detect and block malicious content embedded in encrypted payloads, which matters because IZ1H9 is malware that is delivered over the network.

  • Access Controls: Acreto employs a multi-faceted approach to access controls, encompassing user and device identities, network protocols, application protocols, and even specific application programs. These stringent controls effectively inhibit the spread of IZ1H9 by limiting its ability to communicate with other systems and networks.

  • Content Controls: By applying content category controls and file type upload/download controls, Acreto can further enhance the security of its ecosystems. For instance, preventing the upload or download of executable files (.exe) is instrumental in stopping the spread of botnets like IZ1H9.

  • Threat Prevention: Acreto’s threat prevention capabilities incorporate threat signature identification and zero-day behavioral analysis. These methods, in combination with Encrypted Secure Scan, effectively identify and mitigate known threats like botnets and malware, as well as new, unknown threats.

  • Event Tracking & Management: Lastly, the ease of provisioning, sustainability, and change management provided by Acreto’s solutions can ensure that the organization’s security posture remains robust and adaptable to new threats. This simplified management reduces the complexity of traditional security approaches, making it easier to respond to threats like IZ1H9 in a timely and effective manner.

Contact Acreto today for more information or to evaluate Ecosystem security for your organization.

Ecosystem Security Isolation

Ecosystems deliver a dedicated security infrastructure that can be deployed per application, use-case, project or third-party. An Ecosystem inherently limits access only to users, devices, systems and applications that need to interoperate together.

Ecosystems support any technology, on any network, anywhere in the world. These include computers, mobile devices, IoTs, Offices, Clouds, SaaS and Data Centers.

Ecosystems can be configured as:

Open → With inbound or outbound access from or to the Internet or a third-party

Closed → Fully contained with access limited to Ecosystem members

Hybrid → Where some systems have inbound or outbound Internet access while others operate fully contained.

Eliminate the Internet Attack Surface

Eliminates any and all access from the Internet while Ecosystem members can interoperate with authorized systems and applications.

Eliminate the Internal Attack Surface

Ecosystems can easily isolate individual systems, groups of systems on a shared network, or entire networks, to limit access only to systems that need to interoperate together. This is done with:

  • Micro-Segmentation: Segmenting groups of systems on any shared network, including hostile networks or the entire network.

  • Nano-Segmentation: Isolating an individual system, device or application to limit access only to other authorized Ecosystem members.

Isolated Data Flows

Isolated data flows can be defined between two Ecosystem members to limit access to specified sources and destinations, network protocols and ports, application protocols as well as application programs.

Encrypted Secure Scan

Secure Scan addresses a key weakness in many security tools today. More than 90% of all communications are encrypted, yet only 10% of organizations have the means to secure these communications. Encrypted Secure Scan decrypts, scans, and re-encrypts communications inline and in real-time.

Any malicious content embedded in the encrypted payload is blocked, otherwise the clean and validated communication is delivered to its final destination.

Controls

Access Control

Identity with MFA

  • User: Authorizes access to the Ecosystem by a user’s identity, including MFA, as authenticated by the organization’s Directory Services such as Active Directory or LDAP, as well as third-party Identity Service Providers such as Okta, Ping, Duo, and CloudJump among others.

  • Device: Assigns a unique identity to each device so that a device that does not rely on a user to operate, such as an autonomous application or an IoT device, can be validated as allowed to join the Ecosystem.

Network Protocol / Port

Control the network protocol (TCP, UDP, ICMP) and Port (1-65535) any Ecosystem member can use to communicate with any other Ecosystem member or Internet resource by IP, user or device identity. Both inbound and outbound Internet flows are supported.

Application Protocol

Control the application protocol (HTTP, DNS, SMTP, SMB, etc.) any Ecosystem member can use to communicate with any other Ecosystem member or Internet resource by IP, user or device identity. Both inbound and outbound Internet flows are supported.

Application Program

Control the application program (MS-Exchange, Oracle, Facebook, GMail, etc.) any Ecosystem member can use to communicate with any other Ecosystem member or Internet resource by IP, user or device identity. Both inbound and outbound Internet flows are supported.

Content

Content Category

Control communication based on content categories such as Adult, Gambling, Politics, Malware sites among 90+ category options.

File Type Upload / Download Controls

Control upload / download of files by type, such as .EXE, PDF, XLS, DOC, SCR, and MSI, among hundreds of options.

Data Leak Prevention

Prevent data leaks by identifying and mitigating the upload or download of sensitive data such as:

  • Credit Cards Upload / Download Controls

  • Social Security Number Upload / Download Controls

  • RegEx Pattern Upload / Download Controls

Threat Prevention

After verification of network protocol, port, application protocol and application program, a deep inspection is performed on all communications. The effectiveness of this method is amplified by inline Encrypted Secure Scan. Threat prevention capabilities utilize two key methods:

Threat Signature

Identifies and mitigates known bad exploits, malware, botnets and ransomware.

Zero-Day Behavioral Analysis

Looks for behavioral indications of threats based on how system functions react to the payload, both immediately and over time.

Simplicity

Acreto Ecosystems are very easy to provision and deploy. There are no hardware dependencies or associated logistics.

Provisioning an Ecosystem takes 3-5 minutes. Simply provide a unique name for the Ecosystem, then choose the desired bandwidth, and within a few minutes your Ecosystem, providing a dedicated security infrastructure, is ready.

Depending on your connection options for Ecosystem members, deployment can take between 10 minutes to a few hours.

Sustainability

Acreto Ecosystems utilize a sustainable model without any dependency on products and their associated logistics. There are no more updates, upgrades or technology refreshes.

Change Management

Different Ecosystems operate completely independently from one another. Therefore, change management impacts only members of the specified Ecosystem, not the entire organization. This simplifies the traditionally complex change management process.

Policy Management

Policy management also benefits from Ecosystems. Because Ecosystems are specific to a customer scenario such as an application, use-case, project or third-party, all policies apply to that scenario. Moreover, when it is time for policy cleanup because an application or use-case is retired, disabling or deleting the Ecosystem automatically prunes its policies. This has traditionally been a complex task that is at best inaccurate.

About Acreto

Acreto delivers full-stack cybersecurity without products, logistics or significant security expertise. It creates and consolidates the best of cybersecurity into a single plug-and-play platform with automated updates to stay ahead of threats. Acreto activates enterprise-grade security instantly, so organizations can run safely, easily, and without interruption.

About The Author: Acreto Threat Labs

Interested in seeing Acreto SASE+Plus in action? Let’s start with some basic information.