949.235.8742 [email protected]

Company Network Security systems are facing a heightened DDoS threat from Mirai and other botnets.

Recently, IoT devices – such as printers, routers, video cameras, and smart TVs – have been used to create large scale botnets. These networks of devices infected with self-propagating malware, allowing them to carry out crippling distributed denial-of-service attacks.

How does it work?

Mirai malware continuously scans the internet for vulnerable IoT devices, which are then infected and used in botnet attacks. The Mirai bot uses a short list of 62 common default user names and passwords to scan for vulnerable devices and, because many IoT devices are unsecured or weakly secured, this short dictionary allows the bot to access hundreds of thousands of devices.

IoT devices are particularly susceptible to malware, so protecting these devices, as well as any connected hardware, is crucial to protect systems and networks.

Case Studies

Brian Krebs’ security blog has seen its network security compromised by one of the largest DDoS attacks on record. On September 20 2016, the blog was targeted by an attack exceeding 620 gigabits per second, created by an IT botnet powered by Mirai malware. It is thought hat over 380,000 IoT devices were enslaved by the Mirai malware in the attack.

A separate malware attack on French webhost OVH, broker the record for the largest recorded DDoS attack, with at least 1.1 terabits per second.

The Impact

The release of the Mirai source code onto the Internet heightens the risk of botnets being generated. These botnet attacks could significantly disrupt an organization’s communications or cause substantial financial harm.

Removing Mirai malware from an infected IoT device

If you suspect that a device has been infected by Mirai malware, take the following steps:

  • Disconnect the device from your network
  • Perform a reboot to clear the malware from the dynamic memory
  • Change the device’s password from the default password to a strong password
  • Reconnect the device

Protect your network

Take the following precautions to protect your network and devices from malware infection:

  • Change all default passwords to strong passwords
  • Update IoT devices with security patches as soon as they become available
  • Disable Universal Plug and Play on routers, unless essential
  • Purchase IoT devices from companies with a good security reputation
  • Be aware that any at-home medical devices that transmit data or can be operated remotely, have the potential to be infected
  • Monitor Internet Protocol port 2323/TCP and port 23/TCP for attempts to gain unauthorized control over IoT devices using the network terminal protocol
  • Look out for suspicious traffic on port 48101.

References:
https://www.us-cert.gov/ncas/alerts/TA16-288A
https://www.dhs.gov/science-and-technology/csd-ddosd