FastNetMon DDoS Detection Tool

The Rise of IoT Botnets: Protecting Your Network from Mirai Attacks


First used in 2016, the Mirai botnet is old news. Built by two university students, the IoT-powered botnet was initially used to extort money from game server hosts.

A few months later Mirai was used to launch one of the largest DDoS attacks ever seen against internet DNS provider Dyn. Using malware-infected IoT devices like CCTV cameras, the botnet was able to generate tens of millions of malicious requests, directed at Dyn’s DNS service. When the service eventually failed, several of the world’s most popular websites were taken offline for approximately two hours.

Why does Mirai still matter?

There are a few reasons why Mirai still matters, even now, nearly six years after the original attack. First, the Mirai botnet is still active, meaning that there are tens of thousands of infected devices out there, primed for use in another DDoS attack. The Wynncraft Minecraft server attack in Q3 2022 proves the danger of Mirai has not gone away.

Second, the Mirai source code was leaked online, providing cybercriminals with a codebase on which to build and refine their own malware. Mirai code and techniques are believed to have inspired more recent botnet variants including Okiru, Satori, Masuta and PureMasuta.

In many ways, Mirai has shown the future of DDoS attacks. Using a decentralized, self-propagating network of zombie devices, cybercriminals are able to generate and direct vast amounts of traffic at their targets. Decentralizing the control process also makes it much harder to stop an attack because there is no longer a single command server for your security team to focus on.

As such, expect to see these kinds of IoT-based DDoS attacks more frequently in future.

Why do we have to protect our own resources?

Given that Mirai (and similar malware) works by compromising IoT devices, who should take responsibility for preventing future DDoS attacks?

Manufacturers?

Mirai malware works by exploiting known vulnerabilities in the embedded Linux operating system used by various IoT devices like IP cameras and home routers. By issuing software updates, manufacturers could help to patch these exploits.

However, many of the compromised devices are from budget manufacturers who provide little or no support. These vendors have little or no interest in providing after-sales support or fixes, so software updates are rare – or completely non-existent.

IoT device owners?

Often the compromised IoT devices are consumer-grade devices. Even if manufacturers provide firmware updates, many end users lack the knowledge or confidence to update their hardware. Given that the effects of infection are almost negligible (slightly increased bandwidth usage, occasional sluggishness), most users would not bother applying the patches anyway.

ISPs?

ISPs could detect and block malicious traffic if they chose to. However, because DDoS traffic volumes tend to be lower than regular video streaming, most ISPs classify the bandwidth usage as manageable – and therefore not worth worrying about.

You?

As the only party with a vested interest, it is down to your business to protect against malware botnet activity. It is your bandwidth and resources being targeted, so you need to implement the relevant safeguards to identify and mitigate a DDoS attack.

How to protect your network against Mirai

The key to managing a Mirai DDoS attack is preparation: having mitigation safeguards in place before an attack is launched. FastNetMon provides reliable and accurate detection and response automation. Importantly, FastNetMon can respond in as little as two seconds, allowing you to block an attack before your resources are overwhelmed.

FastNetMon has been engineered to protect against the most advanced DDoS attacks, including: 

But more than simply detecting DDoS attacks, FastNetMon can also automate your response. There are three key tools for mitigating a Mirai botnet attack:

Ready to learn more?

FastNetMon is future ready, able to protect against DDoS attacks from the Mirai botnet – or any other malware-driven source. To learn more, why not try FastNetMon free for one month?
