The Infamous Mirai DDoS Malware Source Code is Released

The potential dangers of being able to connect several embedded electronic devices to the Internet, has grown into an abnormally large DDoS (Distributed Denial of Service) attack. Specifically talking, the DDoS that targeted security journalist, Brian Krebs’ website just two weeks ago. Brian possesses a website in which had peaked an outstanding 620-Gbps two weeks ago. Surprisingly enough, he stopped his firewall services and allowed the DDoS attack to target his website directly. As a result, his website didn’t go down, but only slowed on the response speed. Over all, his website remained safe and secured.

However, like all cyber-attacks that happen, this situation rapidly grew worse over the weekend. Why? The source code of this DDoS attack used to target Brian’s security website has been publicly released on Code-Cloud-Hosting site GitHub.

Brian Krebs stated that the Mirai Malware was continuously searching the Internet for any IoT (Internet of Things) devices. Within such devices, the malware looked for routers, IP-Cameras, DVR’s, and a slew of other IoT devices. Once the malware detected them, it proceeded to exploit a typical default; weak and even hard-coded credentials. Once this happened, the malware forced these devices to forge together, essentially creating one giant slew of botnets to be used within a DDoS attack. Once these devices forge together, the amount of damage could be rather costly to the targeted victim.

In a message posted by hacker Anna-senpai,  the public was informed of an increase of attention with IoT-powered botnets. Anna-senpai also informed the public that Mirai was allowing him to harness IoT devices, totaling up to 380,000 bots. This was achieved via telnet based connections.

The Mirai malware is now recognized as the second malware in which is forging together IoT devices and forming botnets for malicious purposes. Near the end of August, a company, Level 3 Communications, had formely disclosed information about research they conducted on the Bashlite Malware. This malware, as reported by Level 3 Communications, is also responsible for the compromise of just over one million web-connected IoT security cameras and DVR’s.

The Bashlite malware had first started off by communicating with only a small handful of IoT bots. Within a few short hours, the list had expanded to hundreds upon thousands of different IoT bots. According to Level 3 Communications, about ninety-five percent of the IoT bots had been that of cameras and DVR machines. Another four percent had been from personal home internet routers, while the remaining amount of IoT devices had been Linux-Based machines. Moreover, hundreds upon thousands of command lines of code, as well as control servers, had been involved in the process of communicating with each of the compromised IoT Device endpoints.

It is possible we could be looking at IoT devices as the new norm. Several of these IoT devices are often rather difficult to manage, and almost nearly impossible to keep updated. However, most of them are nothing more than a “sitting duck” ready to be utilized for one reason or another.

In more recent cases, cyber-criminals are using these devices to commence their cyber-attacks on selected victims. According to Arbor Networks, they had monitored 540-Gbps DDoS attacks that targeted various websites and other organizations that have been, or are involved in, the Rio Summer Olympic Games. Those in which are affiliated with the attack had been fluctuating for several months, prior to the games.

“It’s not a new phenomenon. What is new is that awareness has grown in the attacker community that there are lots of devices out there shipped with bad configurations like default credentials that easy to exploit,” states Roland Dobbins. Dobbins is a principal engineer working for the Arbor Networks company. He continues by saying “actually, it’s pound-for-pound more efficient sending packets in terms of bandwidth than similarly sized general-purpose computers because they don’t have a heavy UI; typically, they’re running relatively lightly.”

These IoT devices are not just “lightweight” in terms of security, but are also hosted online almost every second of every day. As a result, the network managers of these respective devices often overlook any excessive activity occurring. Dobbins reports they are “typically…unmanaged and deployed on networks where ops are not paying attention to ingress and egress traffic,” he continues informing the public “All of this comes together with the fact that there are zillions of these things. Attackers realize they can harness them into a botnet and launch high-volume attacks.”

Sources: GitHub (Mirai Source Code), Level 3 Communications, Arbor Networks (DDoS Mitigation), Latest Hacking News.

This article (The Infamous Mirai DDoS Malware Source Code is Released!) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.