October 4, 2016 By Douglas Bonderud 3 min read

The new release of Mirai malware source code unleashed a wave of IoT-based bots on the internet at large, giving motivated fraudsters the tools they need to ramp up attack speeds and deliver huge distributed denial-of-service (DDoS) throughput.

InfoWorld described it as a “plague,” and it may be right, since IoT security already struggles to keep pace with cybercriminals’ sophistication and speed. Is it possible to insulate corporate networks against this new wave of IoT insecurity?

Botnet Backlash

As noted by Infosecurity Magazine, Mirai is designed to leverage IoT by scanning the web for devices protected by factory-default passwords or hard-coded credentials, making them easy to compromise and infect. Once under the control of malicious actors, these devices are turned into a kind of massive botnet that can spam-DDoS websites and quickly shut them down.

The Krebs on Security site, for example, was recently targeted by a DDoS attack using the Mirai malware reaching 620 Gbps. Ars Technica also reported a 1 Tbps attack on French web host OVH.

In both cases, this traffic is orders of magnitude greater than what is required to knock out a website. It was made possible by a combination of the sheer number of IoT devices now connected to the internet and the lackluster security associated with most of these products.

That’s with Mirai still under the control of just a few attackers. Its source code was released last Friday, according to Infosecurity Magazine, after cybercriminals noticed the number of botnets they could pull was steadily dropping thanks to ISPs “cleaning up their act.” With Mirai now available to the public, however, the sheer number of attempts may undo much of the progress made in the wake of the Krebs and OVH attacks.

When Cameras and Printers Attack

According Ars Technica, IP cameras and video recorders are among the most frequently compromised IoT devices. It makes sense, since there are millions of these devices online, and most come with stock security credentials that are never changed.

The problem is that cameras, recorders, printers and wireless sensors don’t seem like threats because they’re on the fringes of corporate networks. Even if they’re compromised, they pose no local threat. With a few tweaks, however, they can be misappropriated as part of a larger, IP-enabled botnet that can conduct DDoS attacks anywhere, anytime.

Mitigating Mirai Malware

So how do IoT suppliers and manufacturers reverse the trend and stop Mirai in its tracks? First up are passwords. Device vendors need to make sure every IoT product comes with a unique password or force users to change the password once the device is installed.

Problems here include cost — since cheaper and faster is better for companies looking to tap into the IoT market — and the specter of user inconvenience. If forced to remember yet another password or make regular changes to device security, users may opt for a simpler alternative.

There’s also the problem of firmware. Even devices that start secure don’t stay that way forever. Still, companies often make it difficult to find firmware updates. Automatic updates, meanwhile, introduce the problem of man-in-the-middle (MitM) attacks if the process isn’t properly protected.

Solving IoT Insecurity

The Mirai malware release is merely a symptom of the larger problem of limited IoT security. Cybercriminals are able to create botnets because speed and convenience often trump security when it comes to IoT.

To solve the problem, security leaders must rethink the IoT industry on the whole. Rather than existing outside the corporate network, connected devices must be seen as the first line of defense: Whatever gets past the gates can be used to undermine the foundation.

More from

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Threat intelligence to protect vulnerable communities

2 min read - Key members of civil society—including journalists, political activists and human rights advocates—have long been in the cyber crosshairs of well-resourced nation-state threat actors but have scarce resources to protect themselves from cyber threats. On May 14, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a High-Risk Communities Protection (HRCP) report developed through the Joint Cyber Defense Collaborative that addresses the threat to these vulnerable groups, with findings contributed by the X-Force Threat Intelligence team.Cyber criminals seek stolen credentialsThe HRCP…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today