Mirai variant ‘Beastmode’ exploits fresh vulnerabilities

Ryan Daws is a senior editor at TechForge Media with over a decade of experience in crafting compelling narratives and making complex topics accessible. His articles and interviews with industry leaders have earned him recognition as a key influencer by organisations like Onalytica. Under his leadership, publications have been praised by analyst firms such as Forrester for their excellence and performance. Connect with him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)

A variant of the Mirai botnet called Beastmode has been observed exploiting recently discovered vulnerabilities.

The Mirai botnet is composed primarily of IoT and embedded devices. In 2016, Mirai made national headlines when it used exploited connected devices to overwhelm several high-profile targets with record-setting Distributed Denial-of-Service (DDoS) attacks.

Mirai’s original creator was arrested in the fall of 2018, but variants that take advantage of new vulnerabilities have continued to emerge.

Security researchers from Fortinet have been observing the Beastmode variant and found that it’s been aggressively updating its “arsenal of exploits”. Fortinet’s researchers observed Beastmode adding five new exploits within a month.

Three of the exploits use vulnerabilities discovered between February and March 2022 to target various models of TOTOLINK routers:

Fortinet noted how a typo in a URL used for the third family of vulnerabilities was fixed in samples collected three days after it was initially caught on 20 February 2022, “suggesting active development and operation of this campaign.”

A number of other connected devices are targeted by the Beastmode variant:

  • TP-Link Tapo C200 IP camera.
  • D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L (all discontinued; updated firmware is not available).
  • Huawei HG532 routers.
  • NUUO NVRmini2, NVRsolo, and Crystal devices.
  • NETGEAR ReadyNAS Surveillance products.

“Threat actors, such as those behind the Beastmode campaign, continue to rapidly incorporate newly published exploit code to infect unpatched devices using the Mirai malware,” wrote Fortinet’s researchers.

“By continuously monitoring the evolving threat landscape, FortiGuard Labs researchers identify new vulnerabilities exploited by Mirai variants and malware targeting IoT devices to bring greater awareness to such threats and better secure our customers’ networks.”
