Mirai Gets Better At Application Level DDoS Attacks

Mirai DDoS botnets have been responsible for several large Distributed Denial of Service attacks over the last few months, the most prominent of which caused availability issues for some of the internet’s biggest companies when the Dyn DNS service was targeted.

Recently, the MO of Mirai DDoS attacks has changed, as reported by Incapsula. Towards the end of February, a massive application-level DDoS attack was launched against a US college. Typically, Mirai botnets have not targeted the application layer, and, along with other changes in the attack signature, the recent attacks show that Mirai has evolved.

Mirai is not a single botnet and there’s evidence several large botnets use the Mirai malware to infect devices. Mirai is most often found on Internet of Things devices — smart devices that aren’t as smart as they should be where security is concerned.

In the attack against Dyn, the devices were predominantly internet-connected security cameras. Recent attacks include infected devices such as DVRs and routers. Most of the devices in the February attack were Digital Video Recorders from a single manufacturer.

The combination of rapidly evolving DDoS malware and an ample supply of insecure IoT devices means that DDoS attacks are a serious threat to any business that depends on web services and applications. It’s never been easier for criminals to take over vast numbers of devices and turn them against innocent victims.

It’s so easy that DDoS-as-a-Service is a booming business for criminals who make their botnets available to anyone unscrupulous enough to pay to have their “enemies” knocked offline.

While the criminals who carry out DDoS attacks should take the brunt of the blame, there’s no denying device manufacturers who fail to implement proper security bear some of the responsibility. The effect of flooding the market with insecure devices is predictable. Many are appliances like routers, used for many years with minimal interaction from their owner. Once they’re compromised and infected, the likelihood of a user noticing and doing something about it is small.

Implementing proper security may increase the cost of individual devices by a small amount, but, in comparison to the massive losses businesses targeted by Mirai face, the cost of securing devices at the point of manufacture is a drop in the bucket. It’s irresponsible of device manufacturers to make the online economy pay for their unwillingness to invest in even the most rudimentary security best practices.

For the foreseeable future, organizations will be forced to protect themselves from the ever-present threat of Mirai-based Distributed Denial of Service attacks. Steadfast’s managed security services include a comprehensive managed DDoS mitigation solution capable of protecting infrastructure hosting clients from the massive volumes of data generated by a DDoS attack.