Keeping a Hidden Identity: Mirai C&Cs in Tor Network
Notorious as one of the most active internet of things (IoT) malware families, Mirai is a family that system administrators watch consistently to make sure their systems and devices are protected. Despite all the attention the malware has received, cybercriminals are still actively developing and using it.

Barely a month after discovering a new Miori variant, we found another new Mirai sample through our research. Like previous Mirai variants, it gives attackers remote access and control over IoT devices such as IP cameras and DVRs through exposed ports and default credentials, and lets them use the infected devices for distributed denial of service (DDoS) attacks via methods such as User Datagram Protocol (UDP) flood attacks. Compared to previous variants, however, this sample is distinct because the cybercriminals placed the command and control (C&C) server in the Tor network for anonymity. This may be a developing trend among IoT malware developers, since C&C servers on the surface web can be reported and taken down, and it is one trend that cybersecurity researchers, enterprises, and users alike may have to start defending against.

Source: Trend Micro