Get Ready For Persirai: Like Mirai But Worse

Last September, a bunch of major websites were rendered 404 when the Mirai botnet surfaced. By attacking hundreds of thousands of unsecured IoT devices, Mirai was able to attack DNS provider Dyn, resulting in hundreds of online services dropping like flies. Persirai borrows some code from Mirai but “improves” upon it.

Trend Micro says it has detected, through Shodan, about 120,000 Chinese-made cameras that are vulnerable.

It’s worth reading the Trend Micro analysis of how Persirai works and what IP addresses and protocols it relies on for communication to its Command and Control centre.

Persirai highlights something security experts have been opining about for some time. There are too many devices being connected to public networks where convenience is favoured ahead of security. While the use of IoT devices to form a botnet for executing DDoS attacks is bad enough, we could see these devices exploited in other ways. I’d be surprised if exploited IoT devices aren’t being used to break into secure systems.

With devices being connected and, in many cases, not placed in isolated network environments, it’s possible to move laterally from an infected IoT device across a network.

As I reported earlier this week, this isn’t purely an enterprise issue – home users need to be aware of the risks as well.