
Mirai Botnet Variant Exploits Flaws in Mitel SIP Phones, Offers DDoS as-a-Service

A new variant of the infamous Mirai botnet, dubbed Aquabot, is making the rounds, this time offering distributed denial-of-service (DDoS) as-a-service by exploiting flaws in Mitel SIP phones. It also features a unique capability to communicate with attacker command-and-control (C2).

Researchers Identify Vulnerabilities

Researchers at the Akamai Security Intelligence and Response Team (SIRT) identified the variant of the infamous botnet, actively exploiting Mirai and its variants, the researchers wrote.

Recommendations for Organizations

No matter what an attacker’s intentions are, the researchers recommended that organizations take action to secure IoT devices, through discovery or by changing default credentials, to protect against DDoS threats.

Securing IoT Devices

"Many of these botnets rely on common password libraries for authentication," they wrote in the post. "Find out where your known IoT devices are, and check for rogue ones, too. Check the login credentials and change them if they are default or easy to guess."

Additional Resources

Akamai SIRT also included a list of indicators of compromise (IoCs) as well as Snort and Yara rules in the post to aid defenders.

