Malware That Took Part of the Internet Offline Presents Ongoing Threat

By Joshua Philipp, The Epoch Times
November 1, 2016 10:08 am Last Updated: November 1, 2016 11:41 am

Major websites including Netflix, Amazon, Twitter, Reddit, and others sputtered out on Oct. 21, as a cyberattack with record-breaking power brought down Dyn, an internet infrastructure company that, among other services, provides domain name services to keep websites running.

The attack should have actually been expected—and we can expect similar attacks to follow in the future.

An unknown group of hackers launched the attack with a new form of malware known as Mirai, which was posted on the internet on Oct. 1 for anyone to download and use. As Epoch Times reported on Oct. 6, the malware allows just about anyone to launch attacks capable of bringing down portions of the internet.

Mirai is unique in how it pulls its strength for attacks. It infects a massive network of devices connected to the internet—such as baby monitors, security cameras, and Wi-Fi thermostats—and uses processing power from these devices to overwhelm internet servers with fake traffic, forcing them offline.

A movement is now underway to secure devices used in the attacks, often called internet-of-things (IoT) devices, which often have little or no built-in security to guard against hackers.

The Mirai malware will only lose steam as the unknowing owners of the infected devices toss them out or replace them with newer ones.

A U.S. government agency is now working with law enforcement, the private sector, and the research community to “develop ways to mitigate against this and other related malware,” said Jeh Johnson, secretary of the Department of Homeland Security, in an Oct. 24 statement about the Mirai malware’s role in the Dyn attack.

Johnson said the National Cybersecurity & Communications Integration Center is helping with the efforts, and the Department of Homeland Security “has also been working to develop a set of strategic principles for securing the Internet of Things, which we plan to release in the coming weeks.”

The unfortunate reality, however, is that even with efforts to close security holes in the IoT devices, Mirai will likely present an ongoing threat for the next several years.

Efforts to secure IoT devices will only affect new devices being made on factory floors—and may have little impact on the devices Mirai is utilizing already in stores and homes across the United States. Mirai will only lose steam as the unknowing owners of the infected devices toss them out or replace them with newer ones.

Some IoT devices likely have shorter lifecycles, such as baby monitors. But many will likely have very long lifecycles, such as connected thermostats, security cameras, and digital video recorders.