It looks like the Mirai DDoS botnet malware is here to stay: hackers are currently using Mirai to shut down the Internet in the African country of Liberia.
Mirai is among the most dangerous malware currently plaguing the internet because it turns Internet of Things (IoT) devices into botnets and later uses them to launch distributed denial-of-service (DDoS) attacks. This is why every single attack carried out using Mirai is huge and conducted at a massive scale.
There is therefore no doubt that cybercriminals would try to use this ability of Mirai to disrupt the internet services of not only a city but an entire country.
We have already seen an example in the recent internet outage across the US. A few weeks back, there was a widespread internet outage in the US due to a series of DDoS attacks launched against DynDNS, the main DNS hosting service provider in the country. In that particular attack, over 100,000 infected IoT devices were used. It was believed that this was an underwhelming attack, since Mirai is capable of much more than this.
Last week, we came to know that hackers were out to disrupt internet service in the African country of Liberia through a Mirai IoT botnet called Botnet 14. Apparently, plans are underway to attack a whole country’s internet service by launching a wide-scale DDoS attack. Naturally, cybercriminals would seek to launch the attack through vulnerable, unprotected IoT devices infected with Mirai.
In October, the malware’s developer released its source code on the internet, which made it all the more convenient for cybercriminals to launch attacks according to their capabilities. Experts suggest that upcoming DDoS attacks would be bigger and may reach up to 10 Tbps, which is what cybercriminals need to take down the internet of a country.
Kevin Beaumont, a renowned security expert, believes that Botnet 14 is now being used to launch DDoS attacks against the “Lonestar Cell MTN” networks. Lonestar Cell MTN is a telecom firm responsible for providing internet service across Liberia through the undersea ACE fiber cable.
In a blog post published by Beaumont today, the security researcher noted that:
“From monitoring, we can see websites hosted in the country going offline during the attacks. Additionally, a source in the country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack.”
Transit providers, explains Beaumont, have also confirmed that the attacks surpassed 500 Gbps in size, but it is also true that these attacks could not be continued for long.
Beaumont also added that the traffic volume suggests that Botnet 14, which he has dubbed “Shadows Kill Botnet,” is owned by the same cybercriminal who attacked the Dyn network.
The concern is this: if the DynDNS service can be disrupted for almost a day with only 100,000 Mirai bots, what would the outcome be if attackers used over 1 million bots?
The situation is worrisome because, with such huge capacity, the attacker could easily deprive not only Liberia but all 23 countries on the African and European continents of internet service, where that service is provided through the ACE fiber cable.
The threat grows with the number of vulnerable IoT devices, because Mirai will keep infecting them one after another. You can remain secure only by protecting your smart devices with stronger passwords.