Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall
released on 2018-09-10 @ 04:22:58 AM
Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with unprecedented Distributed Denial of Service attacks in November 2016 and since.
These variants are notable for two reasons:
The new Mirai version targets the same Apache Struts vulnerability associated with the Equifax data breach in 2017.
The new Gafgyt version targets a newly disclosed vulnerability affecting older, unsupported versions of SonicWall’s Global Management System (GMS).
These developments suggest that these IoT botnets are increasingly targeting enterprise devices running outdated versions.
All organizations should ensure they keep not only their systems but also their IoT devices up to date and patched. For Palo Alto Networks customers, WildFire detects all related samples with malicious verdicts. Additional protections are noted in the conclusion below.