Brian Krebs, whose website was recently hit by a 620 Gbps DDoS attack, reported that an identified botnet trojan has been confirmed as the malware responsible. The source code for the botnet (DDoS malware) was recently made public on the Hackforums website.
“Vulnerable devices are then seeded with malicious software that turns them into “bots,” forcing them to report to a central control server that can be used as a staging ground for launching powerful DDoS attacks designed to knock Web sites offline,” Krebs said.
The malware, dubbed “Mirai,” is a DDoS trojan that targets Linux systems. Mirai continuously scans the Internet for IoT devices such as routers, IP-powered cameras, DVRs and so forth. It exploits devices that are protected only by factory-default or hard-coded usernames and passwords, all of which are easily hackable and lack proper security and encryption settings. The malware corralled these machines into a massive network under the control of an administrator who could execute DDoS attacks and target any website.
The author of the Mirai DDoS botnet published the source code following intense scrutiny and increased unwanted attention to IoT botnet attacks. The hacker claimed that after the attack on Krebs’ website, ISPs have been “slowly shutting down and cleaning up their act” and that the network had dropped to roughly 300,000 infected devices from around 380,000 at its height via weak telnet connections.
Experts indicate that new malware strains dedicated to IoT attacks will soon become more commonplace. Most consumers find IoT devices difficult to manage and difficult to keep updated with software that has enhanced security and encryption, so the devices become easy targets for attackers.
At the end of August, Level 3 Communications released its research findings on the Bashlite malware, which the company claimed is responsible for compromising more than one million web-connected cameras and DVRs. Bashlite's activity accelerated quickly in July, when the number of botnets increased to hundreds of thousands. Level 3 stated that out of the IoT devices infected with malware bots, “95 percent were cameras and DVRs, roughly 4 percent were home routers and less than 1 percent were compromised Linux servers,” setting a precedent never seen before in the number of IoT attacks.
Before the attack on Krebs, Arbor Networks reported that the last major IoT botnet attacks targeted websites related to the 2016 Rio Olympics. The LizardStresser IoT botnet manipulated more than 1,000 webcams to launch 400 Gbps DDoS attacks against gaming sites worldwide, Brazilian financial institutions, ISPs, and government institutions.