Mirai BotNet

Mirai: a botnet with the power to disrupt the internet as we know it

Recently a range of cyber-attacks affected popular sites like Twitter and Reddit. The attacks were the result of malware known as Mirai, which manipulated smart technology to take these sites down. Mirai used vulnerable technology to launch a Distributed Denial of Service (DDoS) attack, which overwhelmed the web service Dyn. It resulted in slow internet speed, low traffic, and offline websites.

Mirai Targets Technology and Turns it into Bots

Mirai is like a parasite: it uses a host in order to launch cyber-attacks. The botnet scans the Internet for IoT systems that are protected by weak security measures.

Botnets are able to exploit weak security measures. When that occurs, the weakly secured devices become infected with malware that directs them to a central control system, where they are prepared to launch attacks to take websites down.

Mirai is so powerful that it can break into a wide range of devices, from CCTV cameras to DVRs. It has been established that there are almost half a million Mirai-powered bots worldwide.

Mirai Source code release - a promise of more attacks in the future

It has been revealed that the Mirai source code, the code that powers the botnet, has been made publicly available on hacker forums. The hacking community now has access to information that will allow it to infect millions of smart devices. It was the Mirai developer himself who released the code, along with the information that over 300,000 devices were already infected.

What is more, a deeper investigation showed that Mirai has already spread to 164 countries around the world, including Vietnam, Mexico, Montenegro and Somalia. It is believed, based on comments he has made online, that the creator of Mirai is Russian, but it also seems that more than one person could be working on Mirai and constantly improving it. We are not talking about one or a few people, but actual groups of people.

How does Mirai work?

Mirai has been built with two main purposes in mind.

Firstly, to find and compromise devices in order to increase the footprint of the botnet.

Secondly, to launch DDoS attacks based on instructions. Mirai scans many IP addresses to locate IoT devices that have weak security and accesses them through easily guessable login details. The search for weakly secured devices occurs by scanning destination ports TCP/23 and TCP/2323. If those ports were shielded, then the scanning would not be possible.
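
The scanning behaviour described above can be spotted in connection logs: one source touching many different addresses on TCP/23 or TCP/2323 within a short time. The following is an added example, not part of the original article or of Mirai's code; the log format, the LAN range, the 60-second window, the threshold of five targets and all function names are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}                        # the ports the article says Mirai scans
LAN = ipaddress.ip_network("192.168.1.0/24")     # assumed local network
WINDOW, MIN_TARGETS = timedelta(seconds=60), 5   # assumed detection thresholds

# Constructed sample lines, "time src dst dport" (made-up format and addresses).
SAMPLE_LOG = "\n".join(
    [f"2024-01-01T11:10:{i:02d} 192.168.1.20 198.51.100.{i} {2323 if i % 3 == 0 else 23}"
     for i in range(1, 7)]                                  # camera: 6 targets in 6 seconds
    + [f"2024-01-01T11:{i:02d}:00 192.168.1.30 203.0.113.{i} 23"
       for i in range(20, 25)]                              # 5 targets, but one per minute
    + [f"2024-01-01T11:15:{i:02d} 203.0.113.50 192.168.1.{i} 2323"
       for i in range(1, 6)]                                # outside host probing the LAN
    + ["2024-01-01T11:12:00 192.168.1.5 192.168.1.1 23",    # admin telnet to one router
       "2024-01-01T11:12:30 192.168.1.5 192.168.1.1 23",
       "2024-01-01T11:13:00 192.168.1.20 198.51.100.9 443", # not a telnet port
       "truncated line"])                                   # malformed, must be skipped

def parse(log):
    """Yield (time, src, dst, dport) for well-formed lines and skip the rest."""
    for line in log.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield (datetime.fromisoformat(ts), ipaddress.ip_address(src),
                   ipaddress.ip_address(dst), int(port))
        except ValueError:
            continue

def find_scanners(log, window=WINDOW, min_targets=MIN_TARGETS):
    """Map each flagged source to (peak distinct telnet targets in one window, origin)."""
    per_src = defaultdict(list)
    for ts, src, dst, port in parse(log):
        if port in TELNET_PORTS:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, hits in per_src.items():
        hits.sort(key=lambda h: h[0])
        start = peak = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:   # slide the window forward
                start += 1
            peak = max(peak, len({dst for _, dst in hits[start:end + 1]}))
        if peak >= min_targets:
            origin = "local device" if src in LAN else "external source"
            flagged[str(src)] = (peak, origin)
    return flagged
```

A source flagged as "local device" is a device on your own network behaving like a bot and should be isolated; an "external source" shows that TCP/23 or TCP/2323 is still reachable from outside.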

It has been established that Mirai has been programmed to use a dictionary of username and password combinations. It contains 62 combinations that are most commonly used as default credentials for IoT devices. Certain devices can be cleaned with a system restart, but because Mirai runs constantly, most devices will be reinfected as soon as they are restarted and back online.

Mirai bot has also been programmed to avoid scanning certain IP addresses. For example, the US Postal Service, the Department of Defence, IANA, Hewlett-Packard and General Electric IP addresses are off limits to Mirai. Mirai is extremely powerful because it can eradicate and take the place of other bugs and Trojans, and it is impossible to remotely hijack a Mirai-infected device.

Is it possible to protect yourself from Mirai?

Most users who want to be protected from Mirai are advised to shield TCP/23 and TCP/2323 access to their devices and also to disable all WAN access to them.

But since Mirai works by guessing weak login information, it is also advised to change the default usernames and passwords on all devices.

The fact that the Mirai source code has been released online has also given every security researcher the chance to study and analyze it.

The information helps to better understand the botnet and find ways to protect devices from it.

What is more, it is believed that even more powerful botnets will appear in the future, so the source code of Mirai might be the key information in learning how to avoid them and the damage they will aim to cause.