News: Mirai Botnet Source Release Threatens Increased DDoS Attacks from Smart Home Devices

Mirai Botnet Source Release Threatens Increased DDoS Attacks from Smart Home Devices

Security journalist Brian Krebs recently suffered a record-breaking DDoS attack to his his website, clocking in at or near a whopping 620 Gbps of traffic. Krebs' site was down for over 24 hours, and it resulted in him having to leave his CDN behind.

While 620 Gbps is impressive, following the attack on Krebs, hosting provider OVH was on the receiving end of two gigantic DDoS attacks, one of them pushing over a terabyte per second of data!

These attacks were launched by a large botnet of hacked devices. Internet of things (IoT) devices, to be specific. And on Friday, September 30, the source for the botnet was released to Hack Forums, and was eventually picked up and mirrored on GitHub. The source code, called Mirai, scans the web for devices with default user names and passwords, or hard-coded credentials. Once it finds a suitable target, it installs malicious software, then reports back home.

The concept behind Mirai isn't fresh, but the targeted systems are. IoT devices are becoming more and more common in households, and include everything from "smart" refrigerators and smart plugs to thermostats, smoke detectors, and security cameras.

Gartner, Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected every day.

As these devices become more prevalent, it becomes more and more important for security professionals to turn their attention towards them.

The move towards more security is always a slow one, especially in situations where the manufacturers are not motivated to produce a secure device due to cost. It's almost always cheaper to release the device and then let the security community report on issues than it is to hire a team to test in-house. With this kind of insecure-by-default design, I think the next few years are going to be an exciting time for pentesters and hackers everywhere. I, for one, can't wait to write a report explaining how I accessed an internal company network via a toaster.

Cover image by Teguh Jati/123RF

5 Comments

How about a tutorial on how to set this up maybe?

I'll be covering this or something similar soon!

David is right woud be nice if you can do a tutorial on it

Mirai is already a serious problem for internet infrastructure. I'll leave the gate to using it where it is, at being able to compile it from source.

Share Your Thoughts

  • Hot
  • Latest