According to this link, https://www.zdnet.com/article/new-echobot-malware-is-a-smorgasbord-of-vulnerabilities/, security researchers have found a new Mirai variant called Echobot that targets a wide range of IoT devices and enterprise apps.
- Echobot is based on Mirai malware, like hundreds of other botnets that emerged once the source code became publicly available
- Uses 26 exploits to propagate
- The targets of the latest Echobot variant include network-attached storage devices (NAS), routers, network video recorders (NVR), IP cameras, IP phones, and wireless presentation systems.
Javvad Malik, Security Awareness Advisor at KnowBe4:
“There is a compounding challenge where IoT device security is not being improved and, at the same time, these insecure devices continue to proliferate through enterprises. From a technological perspective, many IoT devices don’t support good security such as having the ability to download patches, prompting users to change default passwords or have enterprise-grade management capabilities.
Therefore, enterprises should consider how IoT is deployed on the network and how to segregate them from outside attacks as well as from the rest of the network. In many cases, the deployment and use of IoT devices is more of a risk management challenge and enterprises need to weigh up the advantage of IoT in the enterprise vs the threats that they could open up.”
