Mirai Malware: Botnets Target ‘Internet Infrastructure Services’ with a Massive DDoS Attack

A few weeks ago, we discussed the release of the Mirai source code with a strong sense of foreboding for what was to come. We encouraged our readers to stay alert and prepare for the worst. Unfortunately, that warning has now been borne out.

On Friday, Oct. 21, 2016, internet infrastructure company Dyn suffered a massive distributed denial-of-service (DDoS) attack fueled by the Mirai botnet. According to Network World, internet users in some areas of the U.S. had difficulty reaching the following sites, among many others:

  • Twitter
  • Spotify
  • Reddit
  • CNN
  • Etsy
  • The New York Times
  • The Wall Street Journal
  • PayPal
  • Amazon
  • Netflix
  • Sony’s PlayStation Network

‘Shredding an internet address book’

Initial estimates suggested that 10 million or more IP addresses were involved in the attack. Dyn later put the confirmed figure at roughly 100,000 malicious endpoints, the majority of which were Internet of Things devices. Unverified reports cited by Dyn and others have suggested that the peak attack volume reached 1.2 Tbps, a figure that, if true, dwarfs the massive DDoS attack against Krebs on Security (between 620 and 665 Gbps).

What made the DDoS attack disruptive for such a large number of websites and internet users is the choice of victim. Dyn is a managed DNS provider: it runs the authoritative name servers that answer the queries translating domain names into IP addresses. None of the sites listed above were attacked directly. The flood of traffic overwhelmed Dyn’s DNS infrastructure, so resolvers could not get answers for the domains Dyn served, and browsers could not find the servers they were looking for.

“The attacks against Dyn DNS were similar to some thugs shredding an internet address book, since addresses of thousands of websites couldn’t be looked up and users couldn’t be connected to the right servers,” Network World wrote. “By the third wave of attacks, users across the globe had been affected by the massive disruptions.”

The Internet of Things can all too easily be turned into the Internet of Threats.

Our best-laid plans could be better

Dyn did everything it could to withstand the attacks, but the magnitude of the assault was unprecedented, even by an internet infrastructure company’s standards. When a fleet of 100,000 IoT devices is commandeered and repeatedly hurled at servers, there is not all that much the target can do in the moment. As long as malware like Mirai continues to exist and evolve to infect new endpoints, no internet-facing service can assume it will be spared.

That is, unless businesses, IoT vendors and home users start properly managing their devices. Incredibly, one of the most effective ways to prevent IoT-based DDoS attacks is also one of the simplest: changing the default passwords on these devices. Mirai does not exploit a software vulnerability. It scans the internet for devices that answer on Telnet and tries a short, built-in list of factory usernames and passwords; a device whose defaults have been changed is simply skipped. The caveat is that some devices ship with credentials that cannot be changed at all. For those, the fix is to block Telnet from the internet or replace the device.

While it’s difficult to get hundreds of thousands of IoT-device owners on board here, businesses in health care, utilities and other industries that use wireless, machine-to-machine devices on a daily basis can certainly do their part. A simple change of password on all IoT endpoints could be the difference between your devices working for you, or against you.
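The advice above (change every default password, and isolate devices whose credentials cannot be changed) is easy to state but tedious to apply across a fleet. The following is an added example, not code from Faronics or from the Mirai source: a small Python audit that takes an inventory of devices and ranks each one by what a Mirai-style scanner could do with it. The `Device` fields, the inventory and the credential list are constructed for illustration; the credential list is a hand-picked subset of the factory logins in Mirai’s scanner dictionary and should not be treated as complete.

```python
import secrets
from dataclasses import dataclass

# Constructed subset of the username/password pairs Mirai's scanner tries.
# The real dictionary is longer; this is illustrative only.
DEFAULT_CREDENTIALS = frozenset({
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"),
    ("admin", "admin"), ("root", "888888"), ("root", "default"),
    ("root", "root"), ("admin", "1234"), ("support", "support"),
    ("user", "user"), ("admin", "password"), ("root", ""),
})


@dataclass
class Device:
    """One row of a (hypothetical) device inventory."""
    host: str                         # hostname or IP of the device
    username: str                     # current management login
    password: str
    telnet_reachable: bool            # TCP/23 reachable from the internet
    password_changeable: bool = True  # False when the firmware hard-codes it


def uses_default_login(device):
    return (device.username, device.password) in DEFAULT_CREDENTIALS


def severity(device):
    """Rank the device by how a Mirai-style scanner would treat it."""
    default = uses_default_login(device)
    if default and device.telnet_reachable:
        return "critical"   # exactly the population Mirai recruited
    if default:
        return "high"       # one firewall mistake away from critical
    if device.telnet_reachable:
        return "medium"     # exposed management port, non-default login
    return "ok"


def audit(devices):
    """Return {host: (severity, action)} for every device that needs work."""
    findings = {}
    for d in devices:
        sev = severity(d)
        if sev == "ok":
            continue
        actions = []
        if uses_default_login(d) and d.password_changeable:
            actions.append("set a unique password")
        elif uses_default_login(d):
            # The login cannot be changed, so the only fix is to keep
            # scanners from reaching the device at all.
            actions.append("hard-coded login: isolate or replace device")
        if d.telnet_reachable:
            actions.append("block TCP/23 from the internet")
        findings[d.host] = (sev, "; ".join(actions))
    return findings


def new_password(nbytes=16):
    """Replacement password: random, not derived from any vendor default."""
    return secrets.token_urlsafe(nbytes)


# Constructed sample inventory.
INVENTORY = [
    Device("cam-01", "root", "xc3511", telnet_reachable=True,
           password_changeable=False),
    Device("dvr-02", "admin", "admin", telnet_reachable=True),
    Device("cam-03", "root", "vizxv", telnet_reachable=False),
    Device("gw-04", "admin", "Kq9!vE2rLp", telnet_reachable=True),
    Device("sensor-05", "ops", "Zt7#mN4qWx", telnet_reachable=False),
]

if __name__ == "__main__":
    for host, (sev, action) in sorted(audit(INVENTORY).items()):
        print(f"{host:10} {sev:8} {action}")
```

The ranking encodes the point of the passage: a default login is only recruitable when Telnet is reachable, so closing the port is the fastest fix across a fleet, but the password still has to change, because the next scanner may arrive over a port that is open. Devices with hard-coded credentials get a different action, since for them no password change is possible.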

To learn more about computer management best practices, contact Faronics.

About The Author

Suzannah Hastings

Suzannah is interested in all things digital, from software security to the latest technological advances. She writes about the ways in which the increasingly internet-driven landscape and Windows technologies (such as Steady State alternatives) change our lives, and what we can expect in the future.
