In 2016, some of the world’s most popular websites came to a halt when attackers launched a series of massive DDoS attacks from thousands of infected IoT devices, a network known as a botnet, using the Mirai malware. The first victim was the French technology company OVH, followed by the website of Brian Krebs. Later, the wave of attacks targeted Dyn, a cloud-based internet performance management company, and overwhelmed the sites that depended on it, such as Amazon, Netflix, PayPal, The New York Times, and Verizon. The Mirai botnet continues to cause damage today.
What is a Botnet Attack?
A botnet attack happens when attackers remotely control a network of malware-infected devices, known as a botnet, in order to carry out financial theft, information theft, denial of service, and other scams. Malware is malicious code designed to damage computers or applications by exploiting security vulnerabilities in the operating system. A botnet can include personal computers, mobile phones, and smart devices that are connected to the internet and infected with malicious software.
During a DDoS botnet attack, attackers control a large network of hijacked devices and send innumerable requests to overload the victim server, rendering the service inaccessible.
How Does the Mirai Botnet Work?
Mirai is self-propagating worm malware. Using a table of more than sixty factory-default login credentials, it scans for IoT devices that still accept those credentials and infects them, so that a central set of command and control (C&C) servers can direct them to launch DDoS attacks. Mirai is especially damaging because even if an infected device is rebooted, it is reinfected within minutes unless the default password is changed immediately.
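The scanning behaviour described above, many failed logins under different usernames from one source in a short time, leaves a distinctive trace in device login logs. The following detector is an added example, not code from the original article or from MazeBolt; the log line format, the sample lines, the RFC 5737 documentation addresses and the telnet ports it watches are all constructed assumptions for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for this example (not any real device's format):
# "<ISO timestamp> src=<ip> dport=<port> user=<name> result=ok|fail"
LINE_RE = re.compile(r"(?P<ts>\S+) src=(?P<src>[\d.]+) dport=(?P<dport>\d+) "
                     r"user=(?P<user>\S+) result=(?P<result>ok|fail)")
TELNET_PORTS = {23, 2323}  # assumed ports on which default-credential scans arrive

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
            "src": m["src"], "dport": int(m["dport"]),
            "user": m["user"], "result": m["result"]}

def find_credential_scanners(lines, min_fails=5, min_users=3, window=timedelta(minutes=2)):
    """Return {src: sorted usernames} for sources with >= min_fails failed telnet logins
    across >= min_users distinct usernames inside one window (table-walking, not a typo)."""
    fails = defaultdict(list)  # src -> [(timestamp, username), ...]
    for line in lines:
        e = parse(line)
        if e and e["dport"] in TELNET_PORTS and e["result"] == "fail":
            fails[e["src"]].append((e["ts"], e["user"]))
    flagged = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding time window over this source's failures
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if end - start + 1 >= min_fails and len(users) >= min_users:
                flagged[src] = sorted(users)
                break
    return flagged

# Constructed sample: one scanning host, one legitimate operator who mistypes twice.
SAMPLE_LOG = """
2016-09-20T10:00:01Z src=203.0.113.5 dport=23 user=root result=fail
2016-09-20T10:00:03Z src=203.0.113.5 dport=23 user=admin result=fail
2016-09-20T10:00:04Z src=203.0.113.5 dport=2323 user=admin result=fail
2016-09-20T10:00:05Z src=203.0.113.5 dport=23 user=support result=fail
2016-09-20T10:00:06Z src=203.0.113.5 dport=23 user=user result=fail
2016-09-20T10:00:10Z src=198.51.100.7 dport=23 user=operator result=fail
2016-09-20T10:00:20Z src=198.51.100.7 dport=23 user=operator result=fail
2016-09-20T10:00:30Z src=198.51.100.7 dport=23 user=operator result=ok
""".strip().splitlines()
```

Running `find_credential_scanners(SAMPLE_LOG)` flags only 203.0.113.5; a host that fails repeatedly under a single username, or on a non-telnet port, is left alone so that ordinary typos do not trigger the rule.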
Who Created the Mirai Botnet and Why?
In September 2018, the Department of Justice announced that three defendants, Paras Jha, 22, of Fanwood, New Jersey; Josiah White, 21, of Washington, Pennsylvania; and Dalton Norman, 22, of Metairie, Louisiana, had been sentenced for their roles in creating and operating the Mirai and Clickfraud botnets. The trio used the malware to launch a series of DDoS attacks and also rented it out as a service. Paras Jha and Josiah White had co-founded Protraf Solutions, a company that offered DDoS mitigation services to victims of Mirai botnet attacks. In addition, Brian Krebs, the owner of the KrebsOnSecurity website, has published the full story of his four-month investigation into Mirai and its authors.
Why Are Mirai Botnet Attacks Still So Intimidating?
According to Brian Krebs’s investigation, the authors of the Mirai malware released the Mirai botnet source code to the public under the name Anna Senpai. As a result, attackers modified the code to develop several other Mirai variants, used them to launch damaging DDoS attacks, and rented them out as DDoS-for-hire services. Such services are auctioned and traded among attackers in online markets; they can be rented for as little as 10 dollars and require minimal skill to launch a DDoS attack.
Manufacturers and users pay too little attention to securing Internet of Things (IoT) devices, which results in ever-larger botnets. A Cisco report states that by 2022, 72.8% of mobile devices will be smart devices and most mobile data traffic (99%) will originate from these smart devices. Additionally, a 5G connection will generate 2.6 times more traffic than the average 4G connection.
This means that with new variants and more vulnerable smart devices, the likelihood of highly damaging DDoS attacks increases. Companies cannot stop attackers from using DDoS botnets such as Mirai, because attackers continue to create variants and hijack IoT devices. However, if companies detect and remediate their DDoS vulnerabilities regularly, they can successfully block DDoS attacks, which makes this an effective DDoS protection strategy.
Why DDoS Mitigation Is Not Enough
DDoS mitigation solutions are only effective when their configuration maps the protected networks perfectly. Unfortunately, most mitigation systems do not automatically fine-tune their configuration, so any change in the network throws the configuration out of step with it and creates DDoS vulnerabilities, leaving the network open to attack.
Get Full DDoS Protection
Organizations can perform automated, non-disruptive, and continuous DDoS simulations with MazeBolt’s new technology, RADAR™ testing. Working alongside any existing DDoS mitigation solution, it delivers automated protection against DDoS attacks by testing more than 100 attack vectors against all targets with no disruption to production environments. It then verifies any patches to DDoS vulnerabilities and re-tests to ensure that any new vulnerabilities are identified, so that the mitigation can successfully block a potential DDoS attack, such as one launched by a Mirai botnet.