Mirai IoT Botnet: 5 Fast Facts You Need to Know

 The Internet of Things is behind the massive DDOS attack

Cybersecurity firm Flashpoint has traced Friday’s widespread internet outage to the Internet of Things, according to cybersecurity expert Brian Krebs.

The cyberattacks, which affected popular websites from Twitter to Reddit, are the result of malware called “Mirai”, which manipulated smart technology to take the sites offline. The malware used vulnerable technology to launch a Distributed Denial of Service attack, overwhelming the web service DYN with traffic and resulting in slow Internet speeds and offline sites.

Here’s everything you need to know about ‘Mirai’:

1. IoT Botnet ‘Mirai’ Targets Vulnerable ‘Smart’ IoT Technology and Turns Them into ‘Bots’

Like a parasite, ‘Mirai’ will use a host to launch cyberattacks. The botnet scans the Internet for IoT systems protected by factory default or hard-coded usernames and passwords, according to Krebs’s blog KrebsOnSecurity. Botnets can exploit weak security measures such as standard password and username combinations (e.g. admin, 1111) across devices. These systems are infected with malware, which directs them to a central control system, where they are prepared to launch an attack to take websites offline. Here is a list of the services that were down.

According to HackRead, ‘Mirai’ can break into a wide range of IoT devices, from CCTV cameras to DVRs to home networking equipment, turning them into ‘bots’. There are nearly half a million Mirai-powered bots worldwide, according to telecommunications company and internet service provider (ISP) Level 3 Communications. Here are the countries with the highest concentrations of IoT devices:

2. ‘Mirai’ Took Out Amazon, Spotify, Twitter and More Websites in a DDOS Attack

The Internet was down throughout the country (Down Detector)

The morning of October 21 saw widespread internet outages caused by a massive DDOS attack, which overwhelmed the web service with traffic. Krebs reported that cybersecurity firm Flashpoint traced the hack to Mirai. The journalist’s own website, krebsonsecurity.com, was taken down by a Mirai-powered DDOS attack. The cyberattack on Friday targeted Internet traffic company DYN, which provides services for websites like Amazon, Spotify and Twitter. Other botnets may have been behind the attack, reports Politico’s cybersecurity reporter Eric Geller.

In an interview with CNBC, DYN said that the attacks were “well planned and executed, coming from tens of millions IP addresses at same time.” The Department of Homeland Security and White House are also looking into the attack. NBC News reports that one official ruled out North Korea as a suspect.

3. ‘Mirai’s Author Has an Avi of Anime Character Anna Nishikinomiya and Mirai Means “Future” in Japanese

The person who created the botnet is nicknamed ‘Anna-Senpai’ and has an avi of the anime figure Anna Nishikinomiya. Anna appears in the Japanese novel series Shimoseka, which is set in a dystopian future filled with morality police.

As the student council president of a prominent ‘morality school’, Anna is the enforcer of public morality laws, according to MyAnimeList. The word ‘Mirai’ also has Japanese origins, meaning ‘future’ in Japanese. A manga series called ‘Future Diary’ also describes a dystopian society modeled after the battle royale (think Hunger Games) where each contestant has a diary with notes written from the future.

‘Mirai’ is also part of a family of malware that infects IoT devices through default usernames and passwords. The other malware that has been used to create an IoT device army is called “Bashlight”. While these two strains of malware compete with each other, research from Level 3 suggests that they target some of the same devices. Currently, “Bashlight” is creating an army of a million IoT devices.

“Both [are] going after the same IoT device exposure and, in a lot of cases, the same devices,” Dale Drew, Level3’s chief security officer, told KrebsOnSecurity.

4. You Can Wipe Off the Malware From an IoT System But Recurrence is Likely

The Internet of Things makes common appliances vulnerable to cyber threats

It’s possible to clean an IoT system infected by ‘Mirai’, but the botnet scans systems so often that there’s a high chance of recurrence. You can destroy the malicious code by rebooting the computer, but experts warn that vulnerable IoT devices can be re-infected in minutes.

This is bad news for cybersecurity as the market for IoT devices heats up and people buy into smart, automated systems. Gartner Inc. projects that connected devices will rise to 6.4 billion worldwide in 2016, with almost 5.5 million devices being connected daily.

Telecommunications company Level 3 advised users to upgrade devices and set strong passwords, according to the Wall Street Journal. For a more sustainable solution to DDOS attacks, Krebs says ISPs will need to protect their networks from spoofing, where the attacker sends messages as the victim website and generates a huge amount of traffic. He added that the lack of these safeguards could lead to online censorship.
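As an added illustration (not from the original article), the anti-spoofing safeguard mentioned above is read here as ingress source-address filtering: an ISP forwards a packet only when its source address belongs to a prefix assigned to the customer port it arrived on. The port names, prefixes and sample packets are constructed, using documentation address ranges.

```python
import ipaddress

# Constructed example: prefixes an ISP has assigned to each customer-facing port.
# All addresses come from documentation ranges, not real networks.
ASSIGNED = {
    "port-1": ["198.51.100.0/25", "2001:db8:1::/48"],
    "port-2": ["198.51.100.128/25"],
}

def build_table(assigned):
    """Parse prefix strings once so per-packet lookups are cheap."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}

def source_is_valid(table, port, src):
    """True when src falls inside a prefix assigned to the port it arrived on."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source address: drop
    return any(addr.version == net.version and addr in net
               for net in table.get(port, []))

def filter_packets(table, packets):
    """Split (port, src, dst) tuples into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        port, src, _dst = pkt
        (forwarded if source_is_valid(table, port, src) else dropped).append(pkt)
    return forwarded, dropped

# Constructed sample traffic: (ingress port, claimed source, destination).
SAMPLE = [
    ("port-1", "198.51.100.10", "203.0.113.53"),   # legitimate customer address
    ("port-1", "203.0.113.53", "192.0.2.7"),       # claims the victim's address: spoofed
    ("port-2", "198.51.100.10", "203.0.113.53"),   # real address, but wrong port
    ("port-1", "2001:db8:1::5", "2001:db8:ffff::1"),
    ("port-3", "198.51.100.200", "203.0.113.53"),  # unknown port: nothing assigned
]

if __name__ == "__main__":
    ok, bad = filter_packets(build_table(ASSIGNED), SAMPLE)
    print(f"forwarded {len(ok)}, dropped {len(bad)}")
    for pkt in bad:
        print("drop", pkt)
```

The second sample packet is the case the paragraph describes: traffic claiming the victim's address is dropped at the edge, so any replies it would have triggered never reach the victim.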

5. Source Code for ‘Mirai’ Botnet was Released Publicly Which Opens the Door for Future Botnet Attacks

After weathering an attack from the ‘Mirai’ botnet, KrebsOnSecurity reported that the code that powers ‘Mirai’ was made publicly available on HackForums. The hacking community has access to information they can use to infect millions of smart devices. The source code for the scanner is also located on GitHub and has been copied at least 700 times as of this posting.

The GitHub post claims to provide all the source code to set up a working botnet in under one hour.

From: www.heavy.com

By Edward Cox 

He has worked for the Chicago Tribune, Inc.com, and Daily Northwestern.

Follow him on Twitter @edwardcox88 or reach out to him at edward.cox@heavy.com. 
