alt tag

The Mirai Botnet Returns — and Why You Should be Concerned

The Mirai botnet refers to a massive-scale network of Linux-running Internet of Things devices turned into remote-controlled bots through a malware infection. Hackers can use the network to run a distributed denial of service, or DDoS, by having the infected devices overwhelm a target with data traffic. Mirai malware and its copycats are an ongoing threat to Internet security and stability. All businesses should be concerned about Mirai’s damage potential and perform their security due diligence to avoid contributing to the problem.

A History of Attacks

Mirai first appeared September 2016, then reemerged in late 2017; its botnet of devices maxed out at around 600,000 infected devices.

While the average person probably doesn’t know what Mirai is, most people in the eastern half of the United States experienced what it can do: it was responsible for the October 2016 wide-scale slowdown of the Internet for the entire region.

Without diving too deep into the technical details, this outage-causing traffic came from malware-infected routers and cameras. In the malware botnet’s initial use, it created a massive 630 Gbps attack on a journalist’s website on September 20, 2017, double the traffic from the previous largest known attack.

While the hackers from the original Mirai attack eventually pleaded guilty, the threat from Mirai and similar malware is still very real. In late 2017, hackers used a variation to seize control of over 100,000 devices in just 60 hours, mostly consisting of unsecured modems made by ZyXEL.

How It Works

Mirai is a worm-like malware that infects Internet of Things devices by using factory default credentials. The malware scans the Internet for dozens of IoT devices with known vulnerabilities from default security settings and seizes them. Mirai exploits human behavior because owners often don’t change the default settings. The malware will control the device and use it to flood a target with Internet traffic when the hackers activate a signal. The malware creates an ad-hoc network of thousands of devices and has them all attack a target at the same time until the target’s web hosting platform is so overwhelmed with traffic it goes offline.

Mirai is dangerous because it inspires copycat malware that can be used for similar attacks. This malware family tends to target low-hanging fruit: low-cost electronics with little security. Device owners will have a difficult time identifying when their devices are infected because they remain dormant between the infection and the attack.

What It Means for Businesses

Businesses should be concerned about Mirai and similar malware in two areas: having their devices seized by the malware and being a target of a DDoS attack. Your business could be a victim of the malware without being a hacker’s target if your devices get infected and become a part of the network. An infection could potentially run up bandwidth usage, lead to slower network connections, and cause device malfunctions. Your business could be a target of a botnet DDoS attack, but your company’s devices are far more likely to be infection targets.

Tags: , , , , , , , , , , , , , , , ,

Leave a Reply