October 4, 2016 By Douglas Bonderud 3 min read

The new release of Mirai malware source code unleashed a wave of IoT-based bots on the internet at large, giving motivated fraudsters the tools they need to ramp up attack speeds and deliver huge distributed denial-of-service (DDoS) throughput.

InfoWorld described it as a “plague,” and it may be right, since IoT security already struggles to keep pace with cybercriminals’ sophistication and speed. Is it possible to insulate corporate networks against this new wave of IoT insecurity?

Botnet Backlash

As noted by Infosecurity Magazine, Mirai is designed to leverage IoT by scanning the web for devices protected by factory-default passwords or hard-coded credentials, making them easy to compromise and infect. Once under the control of malicious actors, these devices are turned into a kind of massive botnet that can spam-DDoS websites and quickly shut them down.

The Krebs on Security site, for example, was recently targeted by a DDoS attack using the Mirai malware reaching 620 Gbps. Ars Technica also reported a 1 Tbps attack on French web host OVH.

In both cases, this traffic is orders of magnitude greater than what is required to knock out a website. It was made possible by a combination of the sheer number of IoT devices now connected to the internet and the lackluster security associated with most of these products.

That’s with Mirai still under the control of just a few attackers. Its source code was released last Friday, according to Infosecurity Magazine, after cybercriminals noticed the number of botnets they could pull was steadily dropping thanks to ISPs “cleaning up their act.” With Mirai now available to the public, however, the sheer number of attempts may undo much of the progress made in the wake of the Krebs and OVH attacks.

When Cameras and Printers Attack

According Ars Technica, IP cameras and video recorders are among the most frequently compromised IoT devices. It makes sense, since there are millions of these devices online, and most come with stock security credentials that are never changed.

The problem is that cameras, recorders, printers and wireless sensors don’t seem like threats because they’re on the fringes of corporate networks. Even if they’re compromised, they pose no local threat. With a few tweaks, however, they can be misappropriated as part of a larger, IP-enabled botnet that can conduct DDoS attacks anywhere, anytime.

Mitigating Mirai Malware

So how do IoT suppliers and manufacturers reverse the trend and stop Mirai in its tracks? First up are passwords. Device vendors need to make sure every IoT product comes with a unique password or force users to change the password once the device is installed.

Problems here include cost — since cheaper and faster is better for companies looking to tap into the IoT market — and the specter of user inconvenience. If forced to remember yet another password or make regular changes to device security, users may opt for a simpler alternative.

There’s also the problem of firmware. Even devices that start secure don’t stay that way forever. Still, companies often make it difficult to find firmware updates. Automatic updates, meanwhile, introduce the problem of man-in-the-middle (MitM) attacks if the process isn’t properly protected.

Solving IoT Insecurity

The Mirai malware release is merely a symptom of the larger problem of limited IoT security. Cybercriminals are able to create botnets because speed and convenience often trump security when it comes to IoT.

To solve the problem, security leaders must rethink the IoT industry on the whole. Rather than existing outside the corporate network, connected devices must be seen as the first line of defense: Whatever gets past the gates can be used to undermine the foundation.

More from

Exploiting GOG Galaxy XPC service for privilege escalation in macOS

7 min read - Being part of the Adversary Services team at IBM, it is important to keep your skills up to date and learn new things constantly. macOS security was one field where I decided to put more effort this year to further improve my exploitation and operation skills in macOS environments. During my research, I decided to try and discover vulnerabilities in software that I had pre-installed on my laptop, which resulted in the discovery of this vulnerability. In this article, I…

Taking the complexity out of identity solutions for hybrid environments

4 min read - For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to realize that this ultimate goal is a fantasy. Instead, businesses must learn how to consistently and effectively manage user identities across multiple IAM platforms and directories. As cloud migration and digital transformation accelerate at a dizzying pace, enterprises are left…

IBM identifies zero-day vulnerability in Zyxel NAS devices

12 min read - While investigating CVE-2023-27992, a vulnerability affecting Zyxel network-attached storage (NAS) devices, the IBM X-Force uncovered two new flaws, which when used together, allow for pre-authenticated remote code execution. Zyxel NAS devices are typically used by consumers as cloud storage devices for homes or small to medium-sized businesses. When used together, the flaws X-Force discovered allow a remote attacker to execute arbitrary code on the device with superuser permissions and without requiring any credentials. This results in complete control over the…

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything. But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today