Satori Botnet Turns IoT Devices Into Zombies By Borrowing Code from Mirai
Like a zombie rising from the dead, a new botnet is reemerging from the remains of Mirai malware. Specifically, modern-day threat actors are breathing life into a fast-evolving botnet called Satori by repurposing some of the source code from Mirai. And now, Satori is creating zombies of its own, as its been found hijacking internet-connected devices and turning them into an obedient botnet army that can be remotely controlled in unison.
Satori, as of now, is a work in progress. But that also means it’s evolving rapidly. Satori knows that agility equates to survival — we’ve seen it adapt to security measures and transcend its former self time and time again. Researchers have even taken down the main Satori C&C server, only to find the botnet remerge shortly after.
So it’s no surprise that it recently reemerged stronger than ever before. The current version has been found targeting software associated with ARC processors, which are used in a variety of IoT devices. Once it finds a weakness in an IoT device, Satori checks to see if default settings have been changed, and gains control of any machine that still has them. From there, it connects to the larger network and gains control of other devices that may be on it. So far, Satori has only managed to enslave a small number of devices. But once its army becomes large enough, it can be summoned to pump out masses of e-mail spam, incapacitate corporate websites, or even bring down large chunks of the internet itself.
Apparently, Satori doesn’t just take code from Mirai, it takes cues too – as these efforts are reminiscent of the infamous Mirai DDoS attack. But we can take cues from Mirai too in order to prepare for a potential Satori attack. First and foremost, every owner of an IoT device must change the default settings immediately – a necessary security precaution that many don’t take, which gave Mirai the firepower it needed in the first place. From there, users should disable telnet access from the outside and use SSH for remote administration if needed. However, this responsibility falls on the shoulders of manufacturers too, as they should enforce these settings by default. If both users and vendors follow these simple security steps, we can stunt Satori’s growth and stifle its Mirai-inspired ambitions entirely.
To learn more about the Satori botnet, and others like it, be sure to follow @McAfee and @McAfee_Labs on Twitter.
The post Satori Botnet Turns IoT Devices Into Zombies By Borrowing Code from Mirai appeared first on McAfee Blogs.
Read more: Satori Botnet Turns IoT Devices Into Zombies By Borrowing Code from Mirai
More antivirus and malware news?
- 6 new and noteworthy security features in Windows 10 Fall Creators Update
- Pwn2Own contest becomes victim of cyberweapon restrictions
- Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
- Microsoft Windows SSLv3/TLS CVE-2013-0013 Security Bypass Vulnerability
- Continuous IT audits are needed to combat today’s cyber threats
- Pacemaker hack can deliver deadly 830-volt jolt
- TMI! Facebook moves to stop over-sharing
- Redhat 3scale API Management CVE-2019-14849 Information Disclosure Vulnerability
- Founder of collapsed Bitcoin exchange Mt. Gox arrested, charged again
- Chrome 114 Released With 18 Security Fixes