Mirai: Cyberthreats from big industries to your household

Jordan Cueto | July 28, 2017 at 2:52 pm

Cyberthreats keep evolving, and Mirai shows that even one of the most common forms of attack, the distributed denial-of-service (DDoS), can deal great damage to many industries. Mirai stands at the top of today’s IoT threats: a malicious worm that targets smart devices within your home.

Mirai was involved in some of the largest cyberattacks ever recorded. In 2016, hackers managed to penetrate thousands of networked household devices such as printers, baby monitors, and smart refrigerators.

These attackers used Mirai to flood the servers of important infrastructure with millions of requests coming from many locations, bringing many sites down and interrupting services. This technique is known as DDoS: the attack floods a server with lookup requests until it can no longer cope with the traffic.


How does Mirai work?

Mirai’s job is to create a botnet: a group of devices that act like a small army unit. Owners are unaware that their devices are already compromised. These connected devices are then used as channels to send out more malicious attacks. Mirai is essentially a bridgemaker for hackers.
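Because owners rarely notice a compromised device, one practical check is to watch the home router's connection log for a device that suddenly sends lookup requests at flood rates. The sketch below is an added example, not part of the original article; the log format, the IP addresses, and the window and threshold values are assumptions, and the sample log is constructed.

```python
"""Flag LAN devices whose outbound DNS lookup rate looks like flood traffic."""
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # sliding window length (assumed value)
MAX_LOOKUPS = 100     # lookups tolerated per device per window (assumed value)


def parse_line(line):
    """Parse '<epoch> <src_ip> <dst_ip>:<port>'; return None if malformed."""
    parts = line.split()
    if len(parts) != 3 or ":" not in parts[2]:
        return None
    try:
        dst_ip, port = parts[2].rsplit(":", 1)
        return float(parts[0]), parts[1], dst_ip, int(port)
    except ValueError:
        return None


def find_flooding_devices(lines, window=WINDOW_SECONDS, limit=MAX_LOOKUPS):
    """Return {src_ip: peak lookups seen in one window} for devices over limit."""
    # Keep only well-formed DNS records (port 53) and order them by time.
    records = sorted(r for r in map(parse_line, lines) if r and r[3] == 53)
    recent = defaultdict(deque)   # src_ip -> timestamps still inside the window
    peaks = {}
    for ts, src, _dst, _port in records:
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:          # drop lookups older than the window
            q.popleft()
        if len(q) > limit:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks


def constructed_log():
    """Constructed sample: a laptop browsing normally and a camera flooding."""
    # Laptop: one lookup every 30 seconds.
    lines = [f"{1000 + i * 30} 192.168.1.20 192.0.2.53:53" for i in range(20)]
    # Camera: 50 lookups per second for 12 seconds, spread over many targets.
    lines += [f"{1200 + i // 50} 192.168.1.77 198.51.100.{i % 250 + 1}:53"
              for i in range(600)]
    lines.append("garbage line without fields")   # malformed input is skipped
    return lines


if __name__ == "__main__":
    for ip, peak in find_flooding_devices(constructed_log()).items():
        print(f"{ip}: {peak} DNS lookups within {WINDOW_SECONDS}s")
```

A device flagged this way is worth isolating from the network and resetting before it is reconnected.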

Below is Mirai’s timeline from BitDefender:

  • Early August 2016: Independent security researchers start analyzing Mirai, which had gone almost unnoticed because samples were difficult to retrieve from infected IoT devices (mostly routers, DVRs, and IP cameras).
  • September 20, 2016: Mirai botnet of 145,607 devices (IP cams and DVRs) hits a few Minecraft servers hosted by French provider OVH. Two consecutive assaults added up to almost 1Tbps and the botnet continued to add infected IoT devices by the thousands.
  • September 20, 2016: Mirai DDoS botnet targets the website of security journalist Brian Krebs with a sustained attack of more than 600Gbps. The journalist was forced to take down the website for three days until he could find better protection from the assaults.
  • Around October 1, 2016: Mirai source code becomes available on public forums, allowing hackers to create their own botnets, add new features to the malware, and create variants that would evade detection.
  • October 21, 2016: Mirai operators shake the Internet as they fire at Dyn, a major DNS service provider. The shock hits high-profile websites like Twitter, Github, Reddit, Netflix, Airbnb, PayPal, Amazon, Spotify, with some of them becoming temporarily unavailable to users.
  • November 4, 2016: Liberia is hit with a DDoS attack from a botnet based on Mirai malware code, knocking offline websites hosted in the country. Security researcher Kevin Beaumont says the blow packed more than 500Gbps of meaningless traffic.
  • November 27, 2016: Routers of Deutsche Telekom customers start having Internet connection problems; Mirai is confirmed the next day and Deutsche Telekom says around 900,000 were affected.
  • November 27, 2016: The variant of Mirai that knocked Deutsche Telekom routers offline also impacts the routers of UK Internet Service Providers TalkTalk, UK Post Office, and Kcom, affecting more than 100,000 customers.
  • February 28, 2017: A Mirai hoard of connected devices targets a US college for 54 hours.


Why is it deadly?

Ever since the source code for Mirai was released, hackers have been experimenting with new variants of the malware to carry out DDoS attacks. To date, cybersecurity experts have detected more than 430 botnets involving Mirai hitting targets worldwide.

In retrospect, Mirai isn’t deadly by itself. What it brings, however, is more channels through which other cybersecurity threats can enter. It opens up the possibility of compromised household devices. A household has no dedicated IT department or enterprise-level protection. This puts Mirai in a crucial place: it is a huge hole in an already vulnerable area of cybersecurity.

Mirai is deadly because it’s accessible and easy to use for attackers, and that alone makes it a deadly weapon in today’s cloud-first, mobile-first world.


What can you do?

To counter that, you also need an accessible and easy-to-use cybersecurity solution like Office 365 or Azure. Office 365 is an overall solution that covers all your needs from the ground up, backed by Microsoft security. It’s the perfect solution for networked environments.

With Microsoft and its solutions, you can rest assured that everything is monitored and secured 24/7. Because currently, you can never be too careful.

Subscribe to us at Tech One Global and stay updated.
