SHARE

Report: The Mirai Botnet Isn’t Going Anywhere

Cybercriminals are rushing to adapt and develop the original Mirai code, which uses IoT devices to carry out attacks.

Written By

Dec 28, 2016

This past fall, the Mirai botnet, made up of various IoT devices, managed to knock half the internet offline. Major sites like Netflix, Paypal and Amazon all went down. Since then, the malware’s source code has been made open source, and according to a new report by security consultant firm Digital Shadows, cybercriminals are wasting no time in taking advantage.

“We know criminals move quickly to exploit new malware and techniques and find new ways to monetize them for profit,” said Rick Holland, VP Strategy at Digital Shadows. “So we can see a time when DDoS extortion actors have succeeded in creating new models for generating a ransom payment. Instead of solely relying on a target company, groups will use social media platforms to crowdsource the ransom payment from users who are dependent on the service,” Holland said.

The easy accessibility of Mirai means that the bar has been lowered for launching large scale DDoS attacks. The report stated that technical ability is not likely to be an obstacle for someone determined to launch an attack. That means Mirai is capable of being a force multiplier for someone who wants to use DDoS for an attack. The company said there are three main motivations for these attacks-political, protest, and profit. DDoS attacks may also be used as a distraction from other even more serious intrusions.

The report predicts that a small number of hacktivist campaigns will be successful in launching DDoS attacks in 2017 against public sectors, media outlets and financial services. DDoS-as-a-Service has given cybercriminals access to more sophisticated tools than ever before. As long as IoT devices remain vulnerable, the report said, criminals and hacktivists will take advantage. Even high profile arrests won’t dissuade them. The future of politically motivated attacks largely depends on what, if any, major geopolitical events happen in 2017.

What can enterprises and industries do to protect themselves from these attacks? They can make sure their networks and devices are secure. This means changing from the default passwords and keeping devices updated. The report also reiterated that manufacturers need to step up and build better security into the devices they are making.