Earlier this June, security researchers at Palo Alto Networks had discovered a new variant of Mirai botnet named Echobot using a total of 18 exploits to target IoT devices. However, the latest research cites that Echobot has evolved to include 26 exploits in its arsenal.
What are the targets of the latest variant of Echobot?
The targets of the latest Echobot variant include network-attached storage devices (NAS), routers, network video recorders (NVR), IP cameras, IP phones, and wireless presentation systems.
What are the additional exploits?
Most of the exploitation code included in the Echobot variant is for unpatched IoT devices. Apart from these the botnet also exploits well-known vulnerabilities in Oracle WebLogic and VMware SD-Wan.
"I counted 26 different exploits that were being used in the spread of this botnet. Most were well-known command execution vulnerabilities in various networked devices," said Larry Cashdollar from Akamai Technologies in a blog post.
The new variant of Echobot includes 8 extra exploits along with the previously available exploit.
The 8 additional exploits are:
The bottom line
Cashdollar’s latest research reveals that Echobot uses the same attack code derived from Mirai. But the only difference seems to be the addition of exploits that help the Echobot variant to spread.