Mirai malware is causing havoc among IoT device manufacturers and security experts after its source code was published online.
Since the developer of the Mirai malware published its source code online, Internet of Things (IoT) devices have become highly vulnerable to malware infections.
In fact, research suggests that the number of Mirai-infected IoT devices has increased substantially. The malware developer claimed that his malicious code had infected over 380,000 IoT devices, but that was before the source code was leaked.
Initially, the experts didn’t pay much attention to the probability of increased infection in IoT devices after the source code became public. However, the massive distributed denial of service (DDoS) attacks launched against Brian Krebs’ website and OVH, a website hosting services provider, made the experts come together and take notice.
Level3 Communications’ research team has been inspecting the activities of Mirai since then, and they have come to the conclusion that the number of infected devices has doubled since the source code leak. They monitored the command and control servers of the Mirai malware and identified that around 500,000 IoT devices have been infected. But this is just a starting figure, and the actual number could be much higher. The reason is that when the source code was leaked, multiple new botnets sprouted, causing such a massive number of devices to become infected.
Level3 researchers have also identified that nearly 100,000 bots were used in some of the DDoS attacks that they monitored against one target.
Security experts are of the opinion that devices manufactured by the Taiwanese firm AVTECH and the Chinese firms XiongMai Technologies and Dahua Technology are highly vulnerable to infection with Mirai.
It must be noted that over 80% of the bots are actually DVRs, and that Mirai malware can identify and infect a wide range of IoT devices, including Linux servers, routers, IP cameras and Sierra Wireless’ gateways. Level3 has also revealed that at least one-quarter of the infected IoT devices are in the US, followed by Brazil with 23% and Colombia with 8% of the total identified infected devices.
It is also stated that over a quarter of the Mirai bots contain another powerful malware, Lizkebab or Bashlite. This means various malware families are targeting a specific pool of vulnerable devices. It is surprising that Mirai’s command and control servers were targeted multiple times by DDoS attacks that were launched using the Bashlite bots.
Experts believe that:
“With the recent and frequent introduction of new Mirai variants, we expect continued DDoS activity from Mirai botnets. In some cases, we see the new variants running all of their infrastructures on one or two hosts, as opposed to the original Mirai variant which had many different hosts and frequently changed IPs to avoid detection or attack,” claim security experts at Level3.
It is indeed an alarming fact that the structure of botnets infected with Mirai is evolving rapidly and that, since the leak of the source code, various authors are adding their bits to make it more vicious.
We highly recommend visiting Level 3’s blog for in-depth technical details.