Mirai Is Taking Down Countries And No One Knows What To Do About It


Mirai botnet is a problem for everybody.

Security researchers have identified something weird.

Weird in the sense that they think someone is actively trying to bring down the whole internet infrastructure of a country.

Researchers also say that this special someone partially succeeded in the plan.

How?

By launching Distributed Denial of Service attacks on a massive scale.

This special someone, probably a hacker, used a botnet made up of millions of insecure Internet of Things devices.

The hacker or hackers (who really knows for sure?) used the Mirai malware in their botnet to infect Internet of Things devices.

Hackers started to work on their nefarious plan back in October.

Researchers have found that a cyber criminal released the Mirai source code on a public forum in order to encourage other hesitant hackers to do the same.

What Is Mirai?


Internet of Things devices are the main problem for security companies.

It is basically a nasty piece of Internet of Things device malware.

Hackers have designed this Mirai malware to scan the internet for Internet of Things devices which are insecure.

After Mirai has found these insecure Internet of Things devices, it moves to the next phase which is to enslave these Internet of Things devices.

Then, the malware uses these insecure Internet of Things devices in a huge botnet network.

Hackers then use this huge botnet network to launch massive Distributed Denial of Service attacks.

A couple of weeks ago, hackers used the Mirai malware Internet of Things Botnet to cause a huge internet outage.

They did so by launching one of the biggest Distributed Denial of Service attacks in history.

And they did so against a well-reputed DNS provider by the name of Dyn.

Later, after the attack, security researchers found that the Mirai botnet network consisted of 100,000 insecure and infected Internet of Things devices.

And all of these participated in launching the massive Distributed Denial of Service attack.

More About Mirai

Mirai itself is an open source toolkit that is used to launch Distributed Denial of Service attacks.

It is the same toolkit that hackers used to launch the historic Distributed Denial of Service attack on DNS provider Dyn.

Because of the attack, many major online websites and services went offline.

Mirai took down sites like:

  • Twitter
  • Netflix
  • And many more

And it did so during the month of October.

After the attack, Beaumont monitored the security situation of key internet infrastructure and found that the hackers carried out the huge botnet attacks via a website by the name of MalwareTech.com.

Security experts now believe that hackers could generate ten Tbps in their future Distributed Denial of Service attacks.

Some of our readers would already know that such transfer rates would prove sufficient to take down the internet infrastructure of a whole nation state.

Of course, that is very dangerous.

In fact, we already know of one incident of this type, which happened a few weeks ago in Liberia.

Some hacking group tried to shut down the entire internet infrastructure of Liberia.

But why would hackers do that?

Liberia isn’t really a big superpower.

It is just a small nation in the African continent.

It turns out, hackers don’t care.

They want to test their new tools.

And that’s what they did with Liberia.

They used the Mirai Internet of Things botnet, also known as Botnet 14, to damage Liberian internet infrastructure.

The latest Distributed Denial of Service attack via Mirai Internet of Things botnet in Liberia almost destroyed all internet access across the country.

This lethal botnet is also known as Mirai Botnet 14, as mentioned before.

Security researcher Kevin Beaumont tracked the Mirai Botnet 14 and monitored its activities.

He also wrote about the huge Distributed Denial of Service attack on Medium.

Kevin tracked several Mirai botnet attacks.

And all of them looked normal.

Except for one.

This one stood out for a very particular reason.

Most of the cyber attacks that Kevin tracked looked elementary.

But the Mirai botnet 14 seemed like it didn’t care for smaller targets.

It went after larger targets.

Not only that, Mirai botnet 14 also showcased better success rates than other forms of cyber attacks.

Beaumont discovered this by tracking the malware over an extended period of time.

He wrote in his Medium article that transit providers had confirmed that these attacks caused the traffic output to surge over 500 Gbit/sec.

Kevin also revealed that these types of cyber attacks typically lasted a short duration.

He said that cyber criminals had truly moved into the domain of large Mirai botnet attacks.

Moreover, he said that the Mirai botnet 14 attack had a controlling domain that pre-dated the cyber attacks that took place on Dyn.

Moreover, he said, the 500 Gbit/sec capacity made it absolutely one of the largest Distributed Denial of Service botnet attacks ever witnessed.

Additionally, he said that since the volume of traffic that this botnet could generate was so huge, it could only come from the attacker who tried to destroy Dyn with another Distributed Denial of Service attack.
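The traffic profile Beaumont describes (a sudden surge past 500 Gbit/sec that lasts only minutes) is what a transit or hosting provider would want to alert on. Below is an added example, not code from the article or from Beaumont, that assumes per-minute ingress totals in Gbps towards one monitored destination; the samples are constructed.

```python
"""Burst detector for Mirai-style volumetric DDoS telemetry.

Added example, not code from the article or from Kevin Beaumont. It
assumes a provider exports per-minute ingress totals (in Gbps) towards a
monitored destination; the samples below are constructed.
"""
from statistics import median

# Constructed per-minute samples (Gbps) towards one customer prefix:
# a ~20 Gbps baseline, then a short surge over 500 Gbit/sec of the kind
# the article describes, then a return to normal.
SAMPLES = [
    ("10:00", 19.0), ("10:01", 21.0), ("10:02", 20.5), ("10:03", 22.0),
    ("10:04", 18.5), ("10:05", 20.0), ("10:06", 310.0), ("10:07", 480.0),
    ("10:08", 520.0), ("10:09", 455.0), ("10:10", 21.0), ("10:11", 19.5),
]

ABSOLUTE_GBPS = 100.0   # above this is always worth a page, whatever the baseline
BASELINE_MULT = 5.0     # ... and also more than 5x the recent clean median
WINDOW = 5              # minutes of clean history used for the baseline


def detect_bursts(samples, absolute=ABSOLUTE_GBPS, mult=BASELINE_MULT, window=WINDOW):
    """Return bursts as dicts: start, end, minutes, peak_gbps, baseline_gbps.

    A minute is "hot" when its rate exceeds both the absolute floor and
    `mult` times the median of the previous `window` clean minutes. Hot
    minutes never feed the baseline, so a multi-minute flood cannot raise
    the baseline and hide its own tail.
    """
    bursts, history, current = [], [], None
    for ts, gbps in samples:
        baseline = median(history) if history else gbps
        hot = gbps > absolute and gbps > mult * baseline
        if hot:
            if current is None:
                current = {"start": ts, "end": ts, "minutes": 0,
                           "peak_gbps": 0.0, "baseline_gbps": baseline}
            current["end"] = ts
            current["minutes"] += 1
            current["peak_gbps"] = max(current["peak_gbps"], gbps)
        else:
            if current is not None:
                bursts.append(current)
                current = None
            history = (history + [gbps])[-window:]
    if current is not None:          # burst still running at end of data
        bursts.append(current)
    return bursts


if __name__ == "__main__":
    for b in detect_bursts(SAMPLES):
        print(f"{b['start']}-{b['end']}: {b['minutes']} min, peak {b['peak_gbps']} Gbps "
              f"({b['peak_gbps'] / b['baseline_gbps']:.0f}x baseline)")
```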

The Mirai Botnet Problem Is Not Simple


Malware is the name of the game as far as cyber attacks are concerned. It just changes its form in different cyber attacks.

In fact, it is the opposite.

It is complicated.

Especially if we take into account Liberia’s internet infrastructure.

The problem in Liberia is that the whole of the country's population, approximately 4.5 million people, gets its internet connection from one internet cable provider.

This is what World Bank reported a while back.

In other words, if you hurt that one single internet service provider, you hurt the internet access to all the people who live in Liberia.

Beaumont pointed out that this scenario presented hackers with a single point of failure.

Kevin Beaumont, the security researcher, also noted that Mirai Botnet 14 had additionally begun to launch Distributed Denial of Service attacks on another telecommunication company.

The telecommunication company goes by the name of Lonestar Cell MTN.

And hackers wanted to disrupt its network with the Mirai Botnet 14.

Lonestar Cell MTN is the same internet service provider that provides internet access to over 14 percent of the population in Liberia.

And it does so via a single entry point.

This entry point is a fiber cable that comes from deep within the sea.

Kevin posted in his blog post today that after monitoring the situation, he could see websites hosted in Liberia going down during the massive DDoS attack.

Moreover, a source in Liberia located at Telco also confirmed to a local journalist that the country saw intermittent and unstable internet connectivity.

The source also told the journalist that this instability occurred at times that directly matched those of the Distributed Denial of Service attacks.

Kevin also believes that this latest round of DDoS attacks can increase traffic output to astronomical levels.

Somewhere in the region of 5000 Gbps in size.

But they do tend to last for a short period of time.

Kevin also said that this indicates that the new Shadows Kill malware botnet was owned by, and came from, the same actor behind the Dyn DDoS attack.

Why Is This Mirai Botnet Bad News?

Firstly, it is troublesome to see hackers use Mirai Botnet malware to take down key internet infrastructure.

The other problem is that Mirai is open source, which we also mentioned earlier in the article.

And because the Mirai toolkit is open source, anyone with enough knowledge and will can use it.

Hackers can potentially use it to hurt the entire internet infrastructure of a whole country as well.

They can black out whole regions too.

Here is another interesting event that you should know about.

Kevin used his Twitter account to tweet about the latest round of Mirai botnet attacks from around the world.

As a counter punch, the botnet started to send Twitter messages with the use of another account.

One of the messages actually read “kevin.lies.in.fear”.

That is both scary and creepy at the same time.

The co-founder of Cognitio, a cyber security consultancy firm, Bob Gourley said that his company had managed to track massive DDoS malware botnet attacks.

Bob, who is also the former CTO of the Defense Intelligence Agency, further said that the new DDoS attacks presented a great danger not because of their size, but because of their ability to launch massive DDoS cyber attacks that could potentially take a whole country down.

Some security researchers call this type of attack a nation-blanking cyber attack.

Now, as indicated earlier, Liberia isn’t a big country.

In fact, it is very small.

Gourley said that the latest DDoS attacks clearly showed that hackers could affect larger countries with bigger internet infrastructure as well.

Liberia’s Internet Infrastructure Is Insecure And That’s Why Hackers, via Mirai Malware, Hacked It.


Some companies just do not have the finances to deal with botnet attacks. But they will have to come around eventually.

We’ll give Liberia some leeway.

The country has seen nothing but civil war for over ten years now.

This unfortunate situation has ensured that Liberia’s telecommunication infrastructure remains destroyed.

This is also the reason why only a small portion of the people living in Liberia have access to the internet.

And even the ones who do have access to the internet have it via satellite communication.

The country has made significant progress though.

In late 2011, engineers deployed a seventeen thousand kilometers long ACE (Africa Coast to Europe) submarine fiber-optic cable from Cape Town to France.

The managers of the project used the west coast of Africa to deploy the long fiber-optic cable.

We also know that the long ACE fiber-optic cable reached depths around six thousand meters below sea level when engineers laid its foundations.

This cable eventually succeeded in providing broadband internet connectivity to more than twenty-three countries both in Africa and Europe.

Let’s Hear The Shocking Part

We know that this might feel like it is coming out of nowhere, but we have to mention one critical fact regarding the cable.

The cable’s total traffic capacity is just around 5.12 Tbps.

Moreover, this maximum capacity is actually shared among more than twenty-three countries in the two continents.

And remember, hackers can launch bigger DDoS attacks as well.

The massive Distributed Denial of Service attack against DNS provider Dyn consisted of Mirai botnet which further consisted of just one hundred thousand infected Internet of Things devices.

Hackers used this DDoS attack to shut down internet services for millions of online users.

What can the hackers do with a botnet attack that makes use of a million Internet of Things devices?

One can only wonder.

We also know that the latest versions of Mirai botnets can control over a million insecure Internet of Things devices.

And you know what that means right?

Yes.

They can shut down internet services for whole nation states and not just a couple of million people.

Of course, it is a worrying sign.

Most of the other backward countries also don’t have a large maximum internet traffic capacity.

This leaves countries like Liberia open to hackers who have the tools available to disrupt their internet services.

In fact, talking purely from a mathematical point of view, hackers can bring down internet services in most if not all of the twenty-three countries in Africa and Europe that rely on that ACE fiber-optic cable for internet accessibility.

Let’s Talk About The Root Cause Of The Problem

The root cause of the problem is Internet of Things devices.

These devices are currently very vulnerable to hackers and other cyber criminals.

Hence, the more Internet of Things devices we have, the more chances hackers have to hack them.

And the more chances hackers have to hack them, the more Mirai botnets we will have.

What Should The User Do For Protection?

End users can do a lot of things to protect themselves.

The number one thing they can do is:

Have vigilance.

Users have to show more vigilance with regards to the security of their Internet of Things devices.

Devices such as smartphones, internet routers, smart watches, all come under the heading of Internet of Things devices.

Smart devices aren’t really smart.

They are actually slightly dumb.

In other words, they can’t protect themselves sufficiently.

We have written quite a lot about what users can do to protect themselves.

Most of the security solutions to malware attacks are rather basic but effective.

There are a number of things you can do to help yourselves in protecting your Internet of Things devices from malware like the Mirai botnet.

In other words, you have to stop your Internet of Things devices from becoming a part of a Mirai botnet.

If you want to know how to check your device for Mirai malware vulnerability then head on over here.

Attack Vectors And Their Ever Expanding Horizons

Gourley said that more and more hackers are gaining the ability to carry out and successfully conduct these cyber attacks.

Moreover, hackers are getting better at increasing the scale of these botnet attacks.

Gourley believes that the size of these attacks will get bigger.

Possibly within a month.

Gourley also believes that now countries such as Ecuador, Colombia, and Venezuela will become prime targets for hackers because these hackers would like to take these countries offline.

Ideally, at the same time.

Gourley also thinks that other countries aren’t safe either.

In other words, any country can get hit with a bad Mirai botnet attack.

And that means a lot of businesses are at risk of getting their supply chains disrupted.

We also have to think about the upcoming holidays.

If a similarly sized Distributed Denial of Service attack hits websites and services such as Amazon and eBay during those peak shopping hours then all hell can break loose.

Gourley also believes that hackers could also target services such as UPS, FedEx and US Post Office.

And if they do, it would cause a massive disturbance in the normal functioning of the society.

If hackers can identify the busiest shipping times and wait for the right opportunity, then they can cause a massive amount of damage to any country.

Of course, hacker threats aren’t restricted to major retailers.

Everyone is at risk.

These botnets don’t really differentiate between targets unless hackers behind them want them to.

All companies, big and small, should address the issue of Distributed Denial of Service attacks.

John Pironti, who is the current president of IP Architects LLC, thinks that hackers can now leverage the availability of easy-to-build and cheap botnets.

And they can do that by infecting Internet of Things devices.

As a result, John believes, the frequency of these Distributed Denial of Service attacks will only increase.

Moreover, DDoS attacks will continue to have major impacts on all networks in all countries.

More And More Hackers Will Now Use Botnets

But why?

The answer is simple enough.

Some hackers have released the source code for botnet tools like Bashlight and Mirai.

This has ensured that the barrier of entry for launching a DDoS attack on anyone has drastically decreased.

Hackers, now, don’t have to learn a lot of stuff to enter the space of launching DDoS attacks on the whole population.

Pironti believes that the released source code has made it much cheaper for any hacker to commit and launch a DDoS attack.

Moreover, it has also made it easier for hackers to accomplish their nefarious designs with much less use of technology than ever before.

Pironti also believes that there is little security services can do now because the “genie is out of the bottle”.

In short, hackers have released Bashlight and Mirai publicly.

And now these new attack codes have given hackers brand new and potentially lucrative opportunities to launch highly damaging cyber attacks.

Most of all, they can now do so with a minimum of effort and cost.

What Can Companies Do To Protect Themselves?

Most of the botnet attacks happen because hackers can infect and then control Internet of Things devices.

Then they use the botnet to attack all companies of all sizes.

Hence, all companies need to take some serious steps in order to manage and secure all of their network endpoints.

Companies can start by first identifying these Internet of Things devices in their network.

Then they need to isolate them.

After that, they must limit the internet accessing ability of these Internet of Things devices.

Moreover, organizations and companies should also spend more money in training their employees.

Employees should have the proper education to recognize major signs of a potential Distributed Denial of Service attack.

They must also have the necessary skills to report such attacks to their IT department.

The IT department can then move in and take mitigation steps which can limit the amount of damage that DDoS attacks can cause.
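The identify, isolate and limit steps above can be scripted against a device inventory. The following is an added example, not code from the article or from any vendor: it assumes a constructed inventory of (MAC, IP, hostname) records such as a DHCP lease export, a constructed table of IoT vendor OUI prefixes, an nftables-based gateway, and placeholder values for the quarantine VLAN and the only destinations the devices are allowed to reach.

```python
"""Identify, isolate and restrict IoT endpoints from a device inventory.

Added example, not code from the article or from any vendor. Inventory,
OUI table, VLAN id and allowed destinations are all constructed
placeholders; rule syntax targets nftables.
"""
import re

# Constructed inventory (mac, ip, hostname), e.g. exported from DHCP leases.
INVENTORY = [
    ("AA:BB:CC:10:20:30", "10.0.1.15", "jsmith-laptop"),
    ("DE:AD:BE:EF:00:01", "10.0.1.40", "ipcam-lobby"),
    ("DE:AD:BE:EF:00:02", "10.0.1.41", "ipcam-dock"),
    ("CA:FE:00:12:34:56", "10.0.1.77", "dvr-reception"),
    ("AA:BB:CC:99:88:77", "10.0.1.90", "print-srv"),
]

# Constructed OUI table: MAC vendor prefixes belonging to IoT product lines.
IOT_OUIS = {"DE:AD:BE", "CA:FE:00"}
# Hostname patterns that commonly name cameras, DVRs and similar appliances.
IOT_NAME_RE = re.compile(r"^(ipcam|cam|dvr|nvr|thermostat)\b", re.I)

IOT_VLAN = 40                     # placeholder quarantine VLAN
ALLOWED_EGRESS = ["10.0.0.53"]    # placeholder: local DNS/NTP relay only


def classify(inventory, ouis=IOT_OUIS, name_re=IOT_NAME_RE):
    """Step 1 (identify): return the entries that look like IoT devices."""
    return [(mac, ip, host) for mac, ip, host in inventory
            if mac.upper()[:8] in ouis or name_re.search(host)]


def isolation_policy(iot_devices, vlan=IOT_VLAN, allowed=ALLOWED_EGRESS):
    """Steps 2 and 3 (isolate, limit): VLAN assignments plus nftables rules.

    Each device is recorded for the quarantine VLAN (applied on the switch)
    and, at the gateway, may only reach the allowed destinations; any other
    forwarded traffic from it is logged and dropped, so a compromised device
    cannot be driven from the internet or take part in a flood.
    """
    assignments, rules = {}, []
    for mac, ip, host in iot_devices:
        assignments[mac] = vlan
        for dst in allowed:
            rules.append(f"add rule inet filter forward ip saddr {ip} ip daddr {dst} accept")
        rules.append(f'add rule inet filter forward ip saddr {ip} log prefix "iot-egress-{host} " drop')
    return assignments, rules


if __name__ == "__main__":
    vlans, nft = isolation_policy(classify(INVENTORY))
    print(vlans)
    print("\n".join(nft))
```

The log prefix makes later alerting easy: any hit on the drop rule is a device trying to talk to somewhere it should not.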

Your Takeaways

  • Hackers used a new type of malware botnet known as Mirai botnet 14 to target Liberia.
    Liberia is a small African country.
    This shows hackers don’t really care if the country is small or big.
    They will go after anyone who is vulnerable enough.
    Hackers took down almost the entire internet infrastructure of the country.
    Millions of users had to face extended periods of no internet access.
  • Hackers used the same old Mirai code for the new Mirai malware attack as well.
    The same botnet had earlier attacked DNS provider Dyn as well.
    Security experts believe that the same hacker carried out both DDoS attacks.
  • The unfortunate Liberian incident, where Mirai botnet 14 took down a major portion of its internet infrastructure, highlights the immense need for better security.
    Enterprises that deal in Internet of Things devices should prepare themselves and their employees, through education, to recognize and then tackle such issues with more clarity.
