The Mirai botnet: what it is, what it has done, and how to find out if you’re part of it

If you’re the type of person who stays updated on internet security and DDoS attack trends, you probably skip right along without a second thought when the possibility of unwittingly being part of a botnet is raised. After all, if you’re the type of person who stays abreast of these issues, there’s no way your computer is unsecured.

Perhaps take the time to consider the possibility just this once, because unless you’ve done the digging required to change the default passwords on every single one of your connected devices – your smart fridges, smart TVs, Apple Watches and wireless video baby monitors – there’s a chance you’re part of one of the biggest, baddest botnets in the history of distributed denial of service (DDoS) attacks.

A new breed of botnet

As defined by DDoS mitigation provider Incapsula, a botnet is a group of internet connected devices that have been hijacked through malware so they can be remotely controlled, often without the owners’ knowledge. Once a botnet has been assembled it can be used for a number of malicious purposes, most notably for distributed denial of service attacks, which use the tremendous number of devices in a botnet to direct malicious traffic at a target website or server in order to overwhelm it and render it unusable for legitimate users.

Traditionally, botnets have been largely made up of infected computers, but with the way the internet has evolved there are now many more internet-connected devices for attackers to choose from. The newest trend in botnets comes courtesy of the Internet of Things (IoT) – all those innovative internet-connected devices that are revolutionizing homes, commercial establishments and public spaces around the world.

This is a dangerous innovation because security on these devices is lacking, to say the least. Security so far has not proven to be a major priority when it comes to the development of these devices, and rare is the consumer who thinks to secure their smart appliances and fancy new gadgets. The Mirai botnet and other IoT botnets are taking advantage of these oversights, assembling massive zombie armies that are now being unleashed on the internet.

Mirai mayhem

The Mirai botnet is made up of IoT devices that have been infected with Mirai malware, a malware built to find and infect IoT devices using default passwords, and to launch distributed denial of service attacks. The Mirai malware is so serious about its dirty work that it will actually remove other malware found on the device.

Some of 2016’s most notorious DDoS attacks came courtesy of the Mirai botnet. First came the 620 Gbps attack on online security blogger Brian Krebs, then called the biggest DDoS attack in history. Then came the 1 Tbps attack on French hosting provider OVH, which replaced the Brian Krebs attack as the biggest attack in history. Following that was the 1.2 Tbps attack on DNS provider Dyn that yanked PayPal, Spotify, Netflix, Twitter and other major websites and platforms off the internet. The Dyn attack is still currently known as the biggest DDoS attack in history.

The estimates of the number of IoT devices snared up in the Mirai botnet started around 50,000, jumping to 100,000 and then 150,000. A pair of hackers is now offering Mirai botnet-powered DDoS for hire services, claiming 400,000 infected devices.

The problem with vulnerabilities

The DDoS attacks being launched by Mirai and other IoT botnets have major consequences that ripple across the internet, costing organizations incredible amounts of money and causing widespread frustration and anger amongst users who are unable to access the websites they need.

Even if an IoT device owner were to somehow not care that their device is being used by remote attackers to wreak havoc across the internet, there are other aspects of malware infection that should concern them. Major ones. If an attacker is able to use a default password to enlist a device as part of a botnet, an attacker is also able to use a default password to take control of the device, accessing data and other sensitive information, possibly even audio and video feeds in the case of CCTV cameras, baby monitors, nanny cams and more.

You can check if you have a device vulnerable to the Mirai malware by using this TCP/IP scanner. Regardless of what the scanner says, if your devices have default passwords, they need to be changed. No exceptions. This will protect you and your family as well as the internet at large. You also need to disable all remote or WAN access to your IoT devices. This open port finder is a good tool for checking for remote access capabilities on SSH (22), Telnet (23) and HTTP/HTTPS (80/443) ports.
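The port check described above can also be run by hand against your own devices. The script below is an added example, not part of the original article or either of the tools it mentions; the function names are hypothetical, and it assumes you pass it the addresses of devices on your own network.

```python
import socket
import sys

# The remote-access ports the article names: SSH, Telnet, HTTP and HTTPS.
REMOTE_ACCESS_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS"}


def port_state(host, port, timeout=1.0):
    """Attempt one TCP connection and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # something is listening and accepted the connection
    except ConnectionRefusedError:
        return "closed"      # host answered, nothing is listening on this port
    except OSError:
        return "filtered"    # timeout or unreachable: firewalled or host is down
    finally:
        sock.close()


def audit_device(host, ports=REMOTE_ACCESS_PORTS, timeout=1.0):
    """Return {"Service (port)": state} for every port checked on one device."""
    return {
        f"{name} ({port})": port_state(host, port, timeout)
        for port, name in ports.items()
    }


def exposed_services(report):
    """List the services that accepted a connection and need attention."""
    return sorted(service for service, state in report.items() if state == "open")


if __name__ == "__main__":
    # Usage: python audit_ports.py <device address> [<device address> ...]
    for device in sys.argv[1:]:
        report = audit_device(device)
        exposed = exposed_services(report)
        print(f"{device}: {report}")
        if exposed:
            print(f"  reachable: {', '.join(exposed)}; change the default "
                  "password and disable remote access if it is not needed")
```

Run from inside your network, this shows which services a device offers on the LAN. Whether those services are also reachable from the WAN side has to be tested from outside the network, which is what an external open port finder does.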

An added bonus to taking these necessary steps is that the next time you come across the possibility that you could be unwittingly involved in a botnet, you can go back to skipping right along without a second thought.
