October 4, 2016 By Douglas Bonderud 3 min read

The new release of Mirai malware source code unleashed a wave of IoT-based bots on the internet at large, giving motivated fraudsters the tools they need to ramp up attack speeds and deliver huge distributed denial-of-service (DDoS) throughput.

InfoWorld described it as a “plague,” and it may be right, since IoT security already struggles to keep pace with cybercriminals’ sophistication and speed. Is it possible to insulate corporate networks against this new wave of IoT insecurity?

Botnet Backlash

As noted by Infosecurity Magazine, Mirai is designed to leverage IoT by scanning the web for devices protected by factory-default passwords or hard-coded credentials, making them easy to compromise and infect. Once under the control of malicious actors, these devices are turned into a kind of massive botnet that can spam-DDoS websites and quickly shut them down.

The Krebs on Security site, for example, was recently targeted by a DDoS attack using the Mirai malware reaching 620 Gbps. Ars Technica also reported a 1 Tbps attack on French web host OVH.

In both cases, this traffic is orders of magnitude greater than what is required to knock out a website. It was made possible by a combination of the sheer number of IoT devices now connected to the internet and the lackluster security associated with most of these products.

That’s with Mirai still under the control of just a few attackers. Its source code was released last Friday, according to Infosecurity Magazine, after cybercriminals noticed the number of botnets they could pull was steadily dropping thanks to ISPs “cleaning up their act.” With Mirai now available to the public, however, the sheer number of attempts may undo much of the progress made in the wake of the Krebs and OVH attacks.

When Cameras and Printers Attack

According Ars Technica, IP cameras and video recorders are among the most frequently compromised IoT devices. It makes sense, since there are millions of these devices online, and most come with stock security credentials that are never changed.

The problem is that cameras, recorders, printers and wireless sensors don’t seem like threats because they’re on the fringes of corporate networks. Even if they’re compromised, they pose no local threat. With a few tweaks, however, they can be misappropriated as part of a larger, IP-enabled botnet that can conduct DDoS attacks anywhere, anytime.

Mitigating Mirai Malware

So how do IoT suppliers and manufacturers reverse the trend and stop Mirai in its tracks? First up are passwords. Device vendors need to make sure every IoT product comes with a unique password or force users to change the password once the device is installed.

Problems here include cost — since cheaper and faster is better for companies looking to tap into the IoT market — and the specter of user inconvenience. If forced to remember yet another password or make regular changes to device security, users may opt for a simpler alternative.

There’s also the problem of firmware. Even devices that start secure don’t stay that way forever. Still, companies often make it difficult to find firmware updates. Automatic updates, meanwhile, introduce the problem of man-in-the-middle (MitM) attacks if the process isn’t properly protected.

Solving IoT Insecurity

The Mirai malware release is merely a symptom of the larger problem of limited IoT security. Cybercriminals are able to create botnets because speed and convenience often trump security when it comes to IoT.

To solve the problem, security leaders must rethink the IoT industry on the whole. Rather than existing outside the corporate network, connected devices must be seen as the first line of defense: Whatever gets past the gates can be used to undermine the foundation.

More from

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - Quick recapThis blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this additional content. As a reminder, PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device,…

83% of organizations reported insider attacks in 2024

4 min read - According to Cybersecurity Insiders' recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. Even more surprising than this statistic is that organizations that experienced 11-20 insider attacks saw an increase of five times the amount of attacks they did in 2023 — moving from just 4% to 21% in the last 12 months.With insider threats on the rise, it’s critical for businesses to recognize the real dangers that originate from inside…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today