It’s Back – The Mirai Botnet

A little over a year ago, the Mirai botnet launched a sustained attack on the servers of the Internet provider Dyn, taking it offline and thereby knocking its customers, including Twitter, the Guardian, Netflix, Reddit, CNN and others, offline. The Mirai botnet was simple – find Internet of Things (IoT) devices that still had their default passwords and take them over. Use those IoT devices to launch an attack at your target. At its peak, Mirai controlled about 600,000 devices. The attack generated between 500 Gigabits and 1,000 Gigabits of traffic per second, the largest attack ever seen.

Well it’s back and it has a new plan.

Rather than taking over webcams and DVRs, this time it plans to take over light bulbs and other low-end devices, and there are way more light bulbs than cameras. Since the attack itself is very simple, it does not require a powerful device to run the attack. Just a lot of them.

And just to dispel any myths, Mirai was not a nation-state attack. It was the brainchild of a couple of college-age kids who wanted to knock their competitors' Minecraft servers offline. The FBI caught them and they pleaded guilty.

In this case, the target is the ARC processor, which sells over 1 billion units a year.  Very simple processor.  Used everywhere.

Do the math. If 600,000 devices or fewer could take down Twitter, Netflix and a host of other sites, what damage could a billion devices do?

Of course we can’t assume all of those devices could be compromised, but 1% of those devices is a million and that is almost double the size of the original Mirai at its peak.

How many people change the password for their light bulb?

This variant is called Mirai OKIRU and a number of antivirus products detect it. Only problem is that people don’t run A-V on their light bulbs.

Many people have been saying for a long time that the security of the IoT is a joke; as useful as a screen door on a submarine. IF this botnet takes hold, we may see how useful that screen door is. IF it takes hold. Maybe we caught this in time, but I am not holding my breath.

Information for this post came from The Inquirer.
