Powerful New Cyberweapon Can Take Down Portions of Internet

Mirai malware released by cybercriminals for all to use
October 6, 2016 Updated: October 6, 2016

A new tool, which is now among the most powerful known cyberweapons, was posted on the internet on Oct. 1 for anyone to use. Cybersecurity experts are now warning that in the coming months, we could see cyberattacks on new scales of power and prevalence.

“It has serious consequences,” said Thomas Pore, director of IT and services at cybersecurity company Plixer, who said it’s strong enough to take down “portions of the internet for specific countries.”

Pore said internet service providers have systems capable of withstanding hundreds of gigabytes of data a second, but they would unlikely stand up against the new form of malware known as “Mirai.” With this, he said, an attack on a service center could mean “all of Manhattan gets taken offline.”

The malware is significant for a two main reasons: On one side, it means cybercriminals and nation-states now have access to a tool capable of taking nearly any system offline. And on the other side, the attack brought to life concerns that cybersecurity experts have warned of for years—that connecting all the objects in our lives to the internet, with little attention to security, would eventually come back to haunt us.

The malware pulls its strength from an army of hacked “Internet of Things” (IoT) devices, basically a fancy way of saying “all devices connected to the Internet,” and the attack included everything from internet-connected cameras and digital video recorders, to internet routers and other devices. The infected devices are then used to build what’s known as a “botnet,” which can then be utilized to launch attacks.

In the IoT craze, companies have been adding internet connection to just about anything they can. This has included baby monitors, toys for kids, and even things like smart bras for women. The Mirai tool means that your wifi toothbrush could be getting used to attack a major network without you even knowing.

According to Pore, with these devices, “a lot of these companies want to be first to market,” and because of the rush, “security is just not in there. They’re just focused on getting the product out.”

A New Tool For Crime

The drama began on Sept. 13, when Krebs On Security, a cybersecurity blog run by Brian Krebs, was hit by what he described as “an extremely large and unusual” form of cyberattack, known as a distributed denial-of-service (DDoS) attack. DDoS attacks are fairly common methods used by hackers, and can take websites offline by overloading them with fake traffic.

This DDoS attack was unique, however. It attacked the Krebs website with 620 gigabytes per second with fake data, possibly making it one of the most powerful DDoS attacks ever recorded. According to Krebs, the Akamai security service that temporarily protected their website, said it was nearly twice as powerful as the previous record attack, earlier this year, at 363 gigabytes per second.

Krebs wrote on his blog that the release of Mirai is “virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets …”

According to Krebs On Security, Mirai spreads by continuously scanning the internet for IoT systems that still have their factory default protections or have default usernames and passwords—things that are common in IoT devices.

This differs from current botnets, which often use networks of infected computers. To bring computers into a botnet, cybercriminals need to infect them in a more monotonous fashion—often tricking people into clicking infected links that will then install a form of malware.

To get an idea of how many devices Mirai could infect, Pore said he ran a scanning tool, and in a short time, “I was able to personally … find and track down and find 32,000 [digital video recorders] across the world that can be compromised.”

With Mirai now available, it also means that the world’s collection of devices that can be infected are also up for grabs for anyone looking to control what is now the most powerful known botnet.

Pore said there’s a feature in Mirai that allows anyone to “reset” the botnet. Among major players in the cybercrime market, he said, there will likely “be a struggle to control the botnet.”

“I think for the very near future we are in a lot of trouble,” he said. “There are a lot of devices sitting on our shelves with default passwords and known vulnerabilities that can be deployed.”

Follow Joshua on Twitter: @JoshJPhilipp