The recent reports involving the Mirai malware are a serious cause for concern for the Internet of Things ecosystem. Mirai can easily take over insecure cameras, DVRs, and routers, which are widely available all around the world. Mirai came into the limelight when it took down the blog of Brian Krebs, an American journalist and investigative reporter, in September following a record 620 Gbps attack.
Following this incident, the source code for Mirai was leaked online at the end of September, and since then the code has surfaced many times, resulting in several large Mirai-based attacks. In October, another such attack brought down much of America’s internet; many experts believe it to be the largest of its kind in history. The victim was Dyn, a company that controls much of the internet’s domain name system (DNS) infrastructure. This attack brought down sites like Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US.
The Mirai IoT botnet has also been blamed for taking down the internet in Liberia. Security experts are clueless as to why a small country on the West African coast was attacked. It is highly possible that Liberia served as a testing ground for this attack, to observe whether it is possible to bring a whole country offline.
Connected things and their future
With technology firms pushing for greater connectivity, more and more household devices are sharing real-time data on a daily basis.
But these connected devices may be vulnerable to hackers, who have the potential to hack into your household objects to carry out cyber-attacks.
Mirai malware scans for Internet of Things (IoT) devices that are still using their default passwords and then enslaves those devices into a botnet, which is then used to launch DDoS attacks.
Many IoT devices are built on Linux-based operating systems, and these devices have remained notoriously hard to update despite the recent advancements in Linux distros. Products based on Internet of Things platforms are always on, always connected and often exploitable, so more attention should be paid to the physical safety risks that remotely exploitable devices pose.
Hacking made easy
Also, with the availability of cheap and easy-to-build botnets using Internet of Things devices, DDoS attacks are only going to increase, with significant impacts on networks all over the globe. The release of the code for botnets like Mirai has already lowered the barrier to entry for an attacker. Hackers have already found a way to break into systems that costs less and can be accomplished with less technology.
The purpose
Mirai is built for two core purposes: to locate and compromise IoT devices to further grow the botnet, and to launch DDoS attacks based on instructions received from a remote C&C (command and control).
To recruit connected devices, Mirai performs wide-ranging scans of IP addresses to locate under-secured IoT devices that can be remotely accessed via easily guessable login credentials, usually factory default usernames and passwords (e.g., admin/admin).
Mirai guesses passwords using a brute-force technique, also known as a dictionary attack, against internet-exposed Telnet or SSH ports. It can also leverage vulnerabilities in the control panel or the firmware of these devices.
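The dictionary-style guessing described above leaves a recognisable trace in login logs: one source trying many different usernames in quick succession. The following is an added example, not part of the original article or of any vendor's tooling, that flags such bursts; the log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, documentation-range IPs).
SAMPLE_LOG = """\
2016-10-21T10:00:01 telnetd FAIL user=root src=203.0.113.7
2016-10-21T10:00:02 telnetd FAIL user=admin src=203.0.113.7
2016-10-21T10:00:03 telnetd FAIL user=support src=203.0.113.7
2016-10-21T10:00:04 sshd FAIL user=guest src=203.0.113.7
2016-10-21T10:00:05 telnetd OK user=admin src=203.0.113.7
2016-10-21T10:03:00 sshd FAIL user=alice src=198.51.100.20
2016-10-21T10:45:00 sshd FAIL user=alice src=198.51.100.20
2016-10-21T10:45:30 sshd OK user=alice src=198.51.100.20
"""

# Assumed line layout: timestamp, service, result, user=<name>, src=<ip>
LINE = re.compile(r"^(\S+) (telnetd|sshd) (FAIL|OK) user=(\S+) src=(\S+)$")

def detect_dictionary_attacks(log_text, window_s=60, min_fails=4, min_users=3):
    """Return {src_ip: {"fails": n, "users": set, "login_after_burst": bool}}."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # src -> failures still inside the window
    alerts = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ts, _svc, result, user, src = m.groups()
        ts = datetime.fromisoformat(ts)
        q = recent[src]
        while q and ts - q[0][0] > window:
            q.popleft()  # expire failures older than the window
        if result == "FAIL":
            q.append((ts, user))
            users = {u for _, u in q}
            if len(q) >= min_fails and len(users) >= min_users:
                a = alerts.setdefault(src, {"fails": 0, "users": set(), "login_after_burst": False})
                a["fails"] = max(a["fails"], len(q))
                a["users"] |= users
        elif src in alerts and q:
            # Successful login while the burst is still in the window: likely compromise.
            alerts[src]["login_after_burst"] = True
    return alerts

if __name__ == "__main__":
    print(detect_dictionary_attacks(SAMPLE_LOG))
```

A source that fails twice on the same username 42 minutes apart is not flagged, while a flagged source that then logs in successfully marks a device to isolate and reset.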
Analysts warn that millions of vulnerable web-connected devices could be under the control of hackers and used by botnet servers to carry out online attacks.
In order to avoid being hacked, users should use strong passwords, regularly check for software updates, and implement appropriate security software.