Mirai Botnet: The malware that led to one of the largest DDOS attacks
Mirai Botnet: A brief on one of the largest DDOS attacks in the history of Internet
The Mirai botnet came to light in October 2016, when it was responsible for a DDOS attack that took down many large websites such as PayPal, Netflix and Spotify. So let’s go step by step.
What is a DOS Attack?
A Denial of Service attack is an attempt to make a machine or network resource unavailable to its intended users by temporarily bringing it down. This is usually done by flooding the machine or network resource with a large number of useless requests in order to overload the system.
What is a DDOS Attack?
A DDOS is simply a DOS attack carried out from multiple sources at once. It is more effective than a DOS attack from a single source because a far larger volume of requests can be flooded at the target.
What is a Botnet?
A botnet is a collection or network of internet-connected devices that are infected with a common type of malware and controlled as a group without the owner’s or user’s knowledge. In plain terms, they are a group of bots or zombies that an attacker controls remotely, as a group, for malicious purposes.
With the rapid rise in the number of IOT devices, estimated to reach around 30 billion by 2020, people will be heavily dependent on these devices by then. Whether it is a smart refrigerator, a baby monitor or an internet-controlled vehicle, no doubt they will bring ease and comfort to our lives. But, as humans tend to do, we often overlook the security implications of these fancy internet-connected devices, and that is exactly what the Mirai malware took advantage of.
So first, let’s understand what Mirai is.
Mirai is a malware that infects internet-connected devices running Linux and turns them into zombies or bots, which are later used as part of a botnet for a larger, deadlier attack such as a DDOS attack.
So how does the Mirai malware attack?
What Mirai does is scan the internet for IOT devices with an open telnet port (port 23). Telnet is an unencrypted channel of communication and should not be preferred when a secure alternative such as SSH exists. After finding an open telnet port, it tries to log in to the device using a list of 61 username and password combinations that are set by default on those devices and are never changed. Once inside the device, it runs a program that takes control of the whole device and wipes out any other malware present on it, in order to claim the gadget as its own. Now that the devices are compromised, they act as bots and become part of the botnet, and the attackers use this botnet to carry out a large-scale DDOS attack. So rather than using a complex mechanism, it exploits a very simple and overlooked weakness in a very clever way.
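The two observable sides of that process, as an added example that is not code from the original post: a scanner opening tcp/23 on host after host, and a device’s telnet daemon seeing a short list of usernames tried before one succeeds. The script below runs both checks over constructed log lines in an assumed syslog-like format (the firewall and telnetd message formats, hostnames and addresses are all assumptions); adapt the regexes to what your own gateway and devices actually log.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real data). Left: a gateway's firewall log
# of new inbound TCP connections. Right: a Linux IoT device's telnetd records.
# Both formats are assumptions; real devices log in their own formats.
FIREWALL_LOG = """\
Oct 21 03:14:01 gw kernel: NEW src=203.0.113.9 dst=192.0.2.10 proto=TCP dpt=23
Oct 21 03:14:01 gw kernel: NEW src=203.0.113.9 dst=192.0.2.11 proto=TCP dpt=23
Oct 21 03:14:02 gw kernel: NEW src=203.0.113.9 dst=192.0.2.12 proto=TCP dpt=23
Oct 21 03:14:02 gw kernel: NEW src=203.0.113.9 dst=192.0.2.13 proto=TCP dpt=23
Oct 21 03:14:05 gw kernel: NEW src=198.51.100.4 dst=192.0.2.10 proto=TCP dpt=443
Oct 21 03:14:06 gw kernel: NEW src=198.51.100.4 dst=192.0.2.11 proto=TCP dpt=443
"""

TELNETD_LOG = """\
Oct 21 03:14:03 camera telnetd[311]: login from 203.0.113.9 user=root result=FAIL
Oct 21 03:14:04 camera telnetd[311]: login from 203.0.113.9 user=admin result=FAIL
Oct 21 03:14:05 camera telnetd[311]: login from 203.0.113.9 user=support result=FAIL
Oct 21 03:14:06 camera telnetd[311]: login from 203.0.113.9 user=root result=OK
Oct 21 03:20:00 camera telnetd[340]: login from 192.168.1.20 user=operator result=FAIL
Oct 21 03:20:09 camera telnetd[340]: login from 192.168.1.20 user=operator result=OK
"""

FW_RE = re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=TCP dpt=(?P<dpt>\d+)")
LOGIN_RE = re.compile(r"login from (?P<src>[\d.]+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)")


def telnet_scanners(fw_lines, min_targets=3):
    """Sources that opened connections to tcp/23 on at least `min_targets`
    distinct hosts: the footprint of a Mirai-style sweep for open telnet.
    Returns {src_ip: sorted list of destinations hit}."""
    targets = defaultdict(set)
    for line in fw_lines:
        m = FW_RE.search(line)
        if m and m.group("dpt") == "23":
            targets[m.group("src")].add(m.group("dst"))
    return {src: sorted(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


def credential_list_logins(login_lines, min_failures=2):
    """Sources that cycled through several usernames over telnet and then got in.
    Mirai works from a short list of factory credentials, so a successful login
    preceded by failures under *different* usernames from the same source is the
    signature to alert on. A single typo by an operator (same user, one FAIL then
    OK) does not trigger. Returns {src_ip: {"tried": [...], "success_as": user}}."""
    state = defaultdict(lambda: {"tried": [], "success_as": None})
    for line in login_lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue
        rec = state[m.group("src")]
        if m.group("result") == "FAIL":
            if m.group("user") not in rec["tried"]:
                rec["tried"].append(m.group("user"))
        elif rec["success_as"] is None:
            rec["success_as"] = m.group("user")
    return {
        src: rec for src, rec in state.items()
        if rec["success_as"] is not None and len(rec["tried"]) >= min_failures
    }


def report(fw_text=FIREWALL_LOG, login_text=TELNETD_LOG):
    """Combine both signals so a device compromise can be tied to the scan that preceded it."""
    scanners = telnet_scanners(fw_text.splitlines())
    compromised = credential_list_logins(login_text.splitlines())
    return {
        "scanners": scanners,
        "compromised_via_default_creds": compromised,
        "scanner_that_logged_in": sorted(set(scanners) & set(compromised)),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

On the constructed data the report names 203.0.113.9 both as the scanner (four hosts probed on port 23) and as the source that got into the camera as root after trying other usernames, while the operator’s mistyped login from the LAN is ignored. The thresholds are deliberately low: from one device’s point of view Mirai makes only a handful of attempts, so the distinct-username count is a better signal than raw failure volume.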
According to sources, this deadly malware was created by three undergraduates in America. Paras Jha, who was an undergraduate at Rutgers, was very fond of Minecraft, and Minecraft has this feature where people can earn money by hosting Minecraft game servers. So hosts launch DDOS attacks against their rivals to bring their servers offline and thereby attract business to their own servers.
That led to the development of the Mirai botnet by Paras Jha, Josiah White, and Dalton Norman. Jha posted it online under the name “Anna-Senpai” and named it Mirai after the anime series Mirai Nikki, because he loved watching anime. But an FBI agent who investigated this attack gave the following statement: “These kids are super smart, but they didn’t do anything high level—they just had a good idea”.
The first attack came on September 19, 2016 and was carried out against OVH, a cloud computing service. The reason was that it hosted some tools that Minecraft server hosts commonly used to defend against DDOS attacks.
Then Jha released the source code of the malware online under the name “Anna-Senpai”, and this led to another attack, carried out a month later.
On October 21, 2016 a large-scale DDOS attack was carried out against Dyn, a DNS service firm, by some other hacktivist group. The effect was that a majority of internet platforms and services were unavailable to users in Europe and North America.
In December 2016, the three Americans pleaded guilty and were found responsible for the attacks related to the Mirai botnet.
Figure: Map showing real-time attacks by Mirai across the world.
Protection from these kinds of attacks
Well, there is not much you can do, but since the Mirai botnet used a very common, overlooked weakness in a clever way, what you always can and should do is change the default credentials of your internet-connected devices from the first day. Secondly, if you own a lot of internet-connected devices, placing a firewall in front of them is always recommended, as it gives an additional layer of security to your devices.
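One way to put the firewall recommendation into practice, as an added example and not configuration from the original post: an nftables ruleset for a small gateway that sits between the IoT devices and the internet. Nothing from the WAN may open a connection to a device, telnet (port 23) is refused everywhere, and the refused probes are logged so that detection logic like the one above has something to read. The interface names lan0 and wan0 and the LAN prefix 192.168.1.0/24 are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example: minimal gateway ruleset for an IoT LAN.
# Interface names (lan0, wan0) and the LAN prefix are assumptions.
flush ruleset

table inet iot_filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # replies to connections the gateway itself started, and loopback
        ct state established,related accept
        iif "lo" accept

        # manage the gateway over SSH only, and only from the LAN
        iifname "lan0" tcp dport 22 ip saddr 192.168.1.0/24 accept

        # telnet is never accepted; log a sample of probes, then drop them
        tcp dport 23 limit rate 5/minute log prefix "TELNET-PROBE "
        tcp dport 23 drop
        # anything else unsolicited falls through to the drop policy
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # devices may talk out; only the replies to those flows come back in
        ct state established,related accept
        iifname "lan0" oifname "wan0" accept

        # no inbound connection from the WAN ever reaches a device,
        # so an open telnet port on a camera or DVR is not reachable for scanning
        iifname "wan0" tcp dport 23 log prefix "TELNET-FWD-BLOCKED " drop
    }
}
```

The last rule in the forward chain is redundant with the drop policy; it exists only to produce a log line, which is the cheapest way to find out how often your address range is being swept for telnet.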
So that’s all for now. See you next time. Goodbye.