Mirai’s Children Are Still a Major Security Threat
You’ve probably heard the phrase “the gift that keeps on giving,” meaning one that the recipient will continue enjoying for a long time. Well, consider Mirai the opposite: the threat that keeps on threatening.
Mirai, for those unfamiliar with it, is malware that emerged in 2016. It seizes control of Internet of Things (IoT) devices and enrolls them in a botnet used to stage massive Distributed Denial of Service (DDoS) attacks: Mirai found vulnerable connected devices, infected them, and left them answering to the attacker’s command-and-control servers.
It did this by scanning the internet for devices running stripped-down embedded Linux with Telnet exposed (ports 23 and 2323). Against each one it tried a short list of roughly 60 factory-default username and password combinations. When one worked, Mirai logged into the gadget in question (anything from baby monitors and IP cameras to digital video recorders and medical devices) and installed the bot, which the attackers could then direct to flood a website or internet service with traffic. The effects could be devastating, and they continue to persist several years later.
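To make that propagation mechanism concrete from the defender’s side, here is an added example (not code from the original article, and not Mirai’s own code) that scans constructed Telnet login records for a source cycling through factory-default credentials. The log line format, the 60-second window and the three-pair threshold are assumptions made for this example; the credential pairs are a subset of the defaults carried in the leaked Mirai source.

```python
"""Flag Mirai-style Telnet credential brute forcing in authentication logs.

Added example, not from the original article and not Mirai's own code.
The log format, window and threshold below are assumptions for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# Subset of the factory-default credentials carried in the leaked Mirai
# source (the full list runs to roughly 60 pairs).
MIRAI_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"),
    ("admin", "admin"), ("root", "888888"), ("root", "default"),
    ("root", "123456"), ("support", "support"), ("root", "root"),
    ("admin", "password"), ("ubnt", "ubnt"), ("user", "user"),
}

# Constructed sample log lines in an assumed format (not real captures).
SAMPLE_LOG = """\
2022-03-01T10:00:01Z telnetd: login from 203.0.113.7 user=root pass=xc3511 result=FAIL
2022-03-01T10:00:02Z telnetd: login from 203.0.113.7 user=root pass=vizxv result=FAIL
2022-03-01T10:00:02Z telnetd: login from 203.0.113.7 user=admin pass=admin result=FAIL
2022-03-01T10:00:03Z telnetd: login from 203.0.113.7 user=root pass=888888 result=FAIL
2022-03-01T10:00:04Z telnetd: login from 203.0.113.7 user=support pass=support result=OK
2022-03-01T10:00:09Z telnetd: login from 198.51.100.4 user=operator pass=Wr0ng-Typo result=FAIL
2022-03-01T10:00:15Z telnetd: login from 198.51.100.4 user=operator pass=S3cure-Pass result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd: login from (?P<src>\S+) "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*) result=(?P<res>OK|FAIL)$"
)


def parse_log(text):
    """Yield (timestamp, src, user, password, success) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["src"], m["user"], m["pw"], m["res"] == "OK"


def find_bruteforcers(text, window_s=60, min_pairs=3):
    """Return {src: finding} for sources trying >= min_pairs distinct
    credential pairs within window_s seconds. Each finding records which of
    the pairs are known Mirai defaults and whether any attempt succeeded,
    i.e. whether the device has most likely just joined a botnet."""
    by_src = defaultdict(list)
    for rec in parse_log(text):
        by_src[rec[1]].append(rec)
    findings = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r[0])
        for i, (t0, _, _, _, _) in enumerate(recs):
            in_win = [r for r in recs[i:] if (r[0] - t0).total_seconds() <= window_s]
            pairs = {(r[2], r[3]) for r in in_win}
            if len(pairs) >= min_pairs:
                findings[src] = {
                    "distinct_pairs": len(pairs),
                    "mirai_defaults": sorted(pairs & MIRAI_DEFAULTS),
                    "compromised": any(r[4] for r in in_win),
                }
                break  # one finding per source is enough
    return findings


if __name__ == "__main__":
    for src, finding in find_bruteforcers(SAMPLE_LOG).items():
        print(src, finding)
```

A hit with `compromised` set is the case worth paging on: the source tried several defaults and one of them worked, which is exactly the moment a device joins the botnet. The same logic applies to honeypot output or to Telnet and SSH authentication logs once they are parsed into the same fields; the legitimate operator in the sample, who mistyped once and then logged in, stays below the threshold.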
The children of the malware revolution
More than half a decade is a veritable lifetime in the world of cyber security. Software bugs and vulnerabilities that existed in 2016 have, in most cases, long since been patched here in 2022.
But Mirai is showing no signs of abating. In fact, the “children” of Mirai continue to pose a threat today. One reason for this is that the original author of the Mirai malware, who had used it to knock the website of security journalist Brian Krebs offline in September 2016, then released the Mirai source code on a hacking forum for whoever wanted it.
This open-sourcing of Mirai’s code meant that not only did a highly effective strain of malware exist, but that its scanner, its list of default credentials and its attack modules were available to whoever wanted them. (Because the credential list is in that source, defenders can also see exactly which factory defaults the bots try.) This inevitably led to it rapidly being adopted by various cybercriminals around the world, who used it to stage their own DDoS attacks, such as the one that hit Dyn, the managed DNS provider, on 21 October 2016 and left sites including Twitter, Reddit and GitHub unreachable for hours.
The attacks continue
The spread of Mirai has not tailed off in the years since. Botnets built on the Mirai codebase are still being used by attackers. A recent report noted the prevalence of botnets building on Mirai, including names such as Echobot, BotenaGo, Lolil, Mozi, Moonet, Zeroshell and others, and how these continued to proliferate through 2020 and 2021 during the pandemic. In many cases, the threat actors (often appearing to hail from Russia) offered to rent out a variety of these botnets to others wanting to stage their own DDoS attacks.
Don’t expect things to get better any time soon, either. The number of connected IoT devices in use around the world continues to increase. According to Statista estimates, there will be upward of 25 billion connected IoT devices by the end of the decade, more than triple the number there were when Mirai first emerged in 2016. Unless there is a radical overhaul of security for these devices, which to date has not happened, this poses an enormous risk. Botnets such as Mirai and its offspring can take over these devices and turn them into, essentially, Manchurian Candidates: sleeper agents that can be commanded to bombard a victim with coordinated floods of junk traffic. This overwhelms the target and leaves it unable to serve legitimate traffic.
A greater number of IoT devices simply means that attacks can be larger than ever and harder to filter; the aggregate bandwidth of hundreds of thousands of cheap devices is what made the 2016 attacks record-breaking at the time. In addition to DDoS, botnets can also be used to stage other attacks, such as credential stuffing, where the bots spread login attempts across many source addresses so that no single one stands out.
The tools to help
The answer, at least at the level of individual organizations, is to invest in the right cyber security solutions. Fortunately, such tools are available. DDoS mitigation solutions detect and block various types of DDoS attack: DNS (Domain Name System) protection absorbs floods aimed at name resolution, and Web Application Firewalls (WAFs) filter application-layer attacks such as HTTP floods. Using these solutions can help would-be targets identify possible attacks and stop them in their tracks, all while continuing to allow genuine traffic to reach its intended destination. Cloud traffic scrubbing centers can also absorb large-scale volumetric DDoS attacks, a job no on-premises appliance can do once the flood exceeds the organization’s own upstream link capacity, and so head off the costly risk of outages. On the device side, the cheapest defense is still the one that defeats Mirai’s scanner outright: change factory-default credentials, disable Telnet where it is not needed, and keep IoT devices on a segmented network that is not reachable from the internet.
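To show what “allowing genuine traffic through” actually requires, here is an added example (not from the original article or any vendor’s product): a per-client token-bucket rate limiter, the building block behind most DDoS filtering, run over constructed request streams. A single noisy source is cut off while the 20 legitimate clients lose nothing, but a botnet spreading the same 800 requests per second over 200 addresses passes the per-IP limit untouched; only the aggregate rate reveals it, which is why absorbing that case needs scrubbing capacity rather than cleverer per-source rules. Addresses, rates and limits are all assumptions made for this example.

```python
"""Per-source token-bucket rate limiting versus a distributed flood.

Added example, not code from the original article or any vendor product.
Traffic shapes, addresses and limits are assumptions chosen for illustration.
"""
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: refills `rate` tokens per second up to `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        """Consume one token for a request at time `now`; False means drop."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def per_source_filter(requests, rate=5.0, burst=10):
    """Apply one bucket per client IP to (timestamp_s, src_ip, label) tuples.

    Returns {label: {"allowed": n, "dropped": n}} so the effect on legitimate
    and attack traffic can be compared separately.
    """
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts, src, label in sorted(requests):
        outcome = "allowed" if buckets[src].allow(ts) else "dropped"
        stats[label][outcome] += 1
    return dict(stats)


def peak_rps(requests):
    """Aggregate view a scrubbing service works from: busiest one-second bucket."""
    per_second = defaultdict(int)
    for ts, _, _ in requests:
        per_second[int(ts)] += 1
    return max(per_second.values())


# Constructed traffic (not captures). Timestamps are offset slightly per
# client so that requests sort deterministically.
def legit_traffic(n_clients=20, seconds=10):
    """Each legitimate client sends one request per second."""
    return [(t + i / 100, f"192.0.2.{i}", "legit")
            for i in range(n_clients) for t in range(seconds)]


def single_source_flood(seconds=10, rps=800):
    """One attacker address sending 800 requests per second."""
    return [(t + k / rps, "203.0.113.66", "attack")
            for t in range(seconds) for k in range(rps)]


def distributed_flood(n_bots=200, seconds=10, rps=4):
    """Same 800 requests per second spread over 200 bots (n_bots <= 256),
    each staying at 4 requests per second, below the per-IP limit of 5."""
    return [(t + k / rps + b / 100000, f"10.0.0.{b}", "attack")
            for b in range(n_bots) for t in range(seconds) for k in range(rps)]


if __name__ == "__main__":
    legit = legit_traffic()
    print("single source :", per_source_filter(legit + single_source_flood()))
    print("distributed   :", per_source_filter(legit + distributed_flood()))
    print("peak rps, legit only:", peak_rps(legit),
          "with distributed flood:", peak_rps(legit + distributed_flood()))
```

Against the single source the bucket admits roughly burst plus rate times duration, about 60 of 8,000 requests, and every legitimate request still gets through. Against the distributed flood the same filter admits all 8,000 attack requests, because each bot individually looks like a polite client; the only signal left is the jump in aggregate rate from 20 to 820 requests per second, and at real botnet scale that surplus has to be absorbed somewhere upstream of the victim.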
Cyber attacks are a cause for concern for every business today. The effects can be devastating, ranging from reputational damage to costly periods of unplanned downtime. However, just as Mirai continues to evolve, so too do the solutions for dealing with it and other attacks of its ilk.
Select the right ones and you won’t have to spend sleepless nights worrying about Mirai, or any other member of its sordid family tree for that matter.