Mirai - the IoT Botnet
Mirai is the massive IoT botnet that made clear how much of a threat all these unprotected IoT devices are. Mirai caught the attention of cyber security experts because, unlike most other bots at the time, it was not a variation of any existing botnet: it had been created from scratch, and that fact alone was enough to get the cyber security teams involved.
It was at the beginning of 2016 that the security agencies first heard rumours about a DDoS-for-hire service wreaking havoc on the online gaming community, going by the name of vDOS. A distributed denial of service (DDoS) attack is, put simply, when a network is brought down by bombarding it with fake requests. By October of the same year there was already a multinational investigative unit tasked with analysing these botnets and finding their owners.
While DDoS attacks are becoming popular, once they reach a certain scale the cyber security teams are brought in. The vDOS botnet was being used to gain an advantage in the gaming world: the owners were charging anywhere between $5 and over $50 for a small-scale DDoS attack on an opponent, kicking them offline so they would lose.
The biggest difference between these botnets and the Mirai botnet is that most of them were modified versions of older botnets; the vDOS botnet, for example, had many similarities with Qbot. This new botnet was unlike anything they had come across before, since it had been created from the ground up.
What made Mirai such a dangerous IoT botnet
There is a line that every botnet operator has to cross when letting loose their botnet: getting more than 100,000 devices infected. That is much harder than it sounds because of the diversity of the potential victim devices, and the Mirai botnet flew past that artificial threshold without even breaking a sweat. The speed with which it could infect different types of devices made it a real threat. It was estimated that the Mirai botnet infected more than 60,000 devices within its first 24 hours in the wild, and within a week it had more than 200,000 at its disposal.
Another curious fact is how it interacted with devices when infecting them. Once a device was infected, the Mirai malware would delete itself and remain only in the flash memory, making it harder to detect. If a person rebooted the device, that would get rid of the malware, but the device would be infected again within minutes of coming back online.
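A malware sample that deletes its own file after starting leaves a telltale trace on Linux-based devices: the kernel marks the process's `/proc/<pid>/exe` link with a " (deleted)" suffix. The script below is an added example of a defender-side check for that condition; it is not code from the original article, and the sample scan results it carries are constructed for illustration.

```python
"""Flag running processes whose executable has been deleted from disk.

Added illustration for the self-deleting behaviour described above; not code
from the original article. Linux-specific: relies on /proc/<pid>/exe, which the
kernel suffixes with " (deleted)" once the backing file has been unlinked.
"""
import os
from typing import Dict, List, Tuple

DELETED_SUFFIX = " (deleted)"


def classify_exe_links(exe_links: Dict[int, str]) -> List[Tuple[int, str]]:
    """Return (pid, original_path) pairs whose exe link carries the deleted marker.

    Kept as a pure function so it can be checked against constructed input;
    the live scanner below feeds it real /proc data.
    """
    flagged = []
    for pid, link in sorted(exe_links.items()):
        if link.endswith(DELETED_SUFFIX):
            flagged.append((pid, link[: -len(DELETED_SUFFIX)]))
    return flagged


def read_proc_exe_links(proc_root: str = "/proc") -> Dict[int, str]:
    """Collect the /proc/<pid>/exe link targets for every readable process."""
    links = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            links[int(entry)] = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            # Kernel threads have no exe link, and other users' processes
            # are unreadable without privilege; skip both.
            continue
    return links


# Constructed sample (not real output): what a scan of an infected device might return.
SAMPLE_LINKS = {
    1: "/sbin/init",
    412: "/usr/sbin/dropbear",
    987: "/tmp/.x (deleted)",            # process still running, file already unlinked
    1003: "/dev/shm/payload (deleted)",
}


if __name__ == "__main__":
    for pid, path in classify_exe_links(read_proc_exe_links()):
        print(f"pid {pid}: running from deleted executable {path}")
```

Run it as root on the device so that every process's link is readable; a hit is not proof of infection on its own (a package upgrade that replaces a running daemon's binary produces the same marker), but on a consumer IoT device that sees no upgrades it is a strong signal worth a reboot and a credential change.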
What we can learn from all this
The culprits were found and charged. To give you an idea of the sheer power behind this botnet: a "normal" DDoS attack can reach 10 to 30 Gbps (gigabits per second), and that would bring down any website or server unless it had DDoS mitigation mechanisms already in place; a professional DDoS attack has been seen to reach 50-80 Gbps and can cause disruption even with security measures in place. The Mirai botnet was able to reach 1.2 terabytes per second! Even a professional cyber security firm that specialises in DDoS attacks was unable to keep defending against that kind of overwhelming power. For now, the only thing we can do is to make sure our devices aren't being used in these types of attacks.
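One practical way to act on that closing advice is to watch your own network's outbound traffic per device: a camera or router conscripted into a flood stands out as a single source pushing traffic at a rate no legitimate home device sustains. The script below is an added example, not code from the original article; the flow records are constructed, the record layout is an assumption (in practice it would come from a router's NetFlow/IPFIX export or firewall log), and the 50 Mbit/s threshold is an assumed value for a small network.

```python
"""Spot local devices emitting traffic at DDoS-participant rates.

Added illustration for the advice to keep your own devices out of these
attacks; not code from the original article. Record layout and threshold
are assumptions.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: (timestamp_s, src_ip, dst_ip, bytes). The device at
# 192.168.1.20 sends 12 MB every second to one external host while the other
# devices on the network behave normally.
SAMPLE_FLOWS: List[Tuple[int, str, str, int]] = [
    (0, "192.168.1.10", "93.184.216.34", 1_500),
    (0, "192.168.1.20", "203.0.113.7", 12_000_000),
    (1, "192.168.1.20", "203.0.113.7", 12_000_000),
    (1, "192.168.1.11", "93.184.216.34", 40_000),
    (2, "192.168.1.20", "203.0.113.7", 12_000_000),
    (2, "192.168.1.10", "198.51.100.9", 2_000),
]


def peak_rate_per_source(flows: List[Tuple[int, str, str, int]],
                         window_s: int = 1) -> Dict[str, float]:
    """Highest outbound bit rate (bits per second) each source reached in any window."""
    per_window: Dict[Tuple[str, int], int] = defaultdict(int)  # (src, window) -> bytes
    for ts, src, _dst, nbytes in flows:
        per_window[(src, ts // window_s)] += nbytes
    peaks: Dict[str, float] = defaultdict(float)
    for (src, _window), nbytes in per_window.items():
        peaks[src] = max(peaks[src], nbytes * 8 / window_s)
    return dict(peaks)


def flag_flooders(flows: List[Tuple[int, str, str, int]],
                  threshold_bps: float = 50_000_000) -> List[str]:
    """Sources whose peak rate meets or exceeds the threshold (assumed 50 Mbit/s here)."""
    return sorted(src for src, bps in peak_rate_per_source(flows).items()
                  if bps >= threshold_bps)


if __name__ == "__main__":
    for src in flag_flooders(SAMPLE_FLOWS):
        print(f"{src}: peak {peak_rate_per_source(SAMPLE_FLOWS)[src] / 1e6:.1f} Mbit/s outbound")
```

The right threshold depends on your uplink: set it a little above the highest rate any device legitimately reaches (a video upload, a cloud backup), and investigate anything that sits above it for more than a few seconds rather than a single spike.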