IoT Devices Targeted by Malware, Giving Hackers Remote Control

Researchers have discovered a new Mirai variant, IZ1H9, a malware that attacks small IoT devices, and enables remote operation by hackers to carry out large-scale network attacks.

The malware was discovered by Unit 42, the threat research team from Palo Alto Networks. First discovered in 2018, IZ1H9 targets devices using the Linux network, which is primarily used by IoT devices and has grown increasingly active in recent years.

Unit 42 researchers published a malware analysis in May identifying a string of IZ1H9 attacks since November 2021, all from the same source.

“IoT devices have always been a lucrative target for threat actors, and remote code execution attacks continue to be the most common and most concerning threats affecting IoT devices and Linux servers,” the researchers said. “Exposed vulnerable devices could lead to serious threats.

“The vulnerabilities used by this threat are less complex, but this does not decrease their impact, since they could still lead to remote code execution. Once the attacker gains control of a vulnerable device, they can include the newly compromised devices in their botnet.”

To combat the threat, Unit 42 recommended running regular updates when possible to monitor the presence of threats.

Mirai malware identifies and targets unsecured smart devices, taking control of them to create a network of remote-controlled bots that can launch collective cyberattacks. Mirai typically attacks consumer devices which are then used to conduct distributed denial of service (DDoS) attacks.

Related:A Play-by-Play Look at the Mirai Botnet's Internet Takedown