What is the Mirai botnet?
Mirai is self-spreading malware that targets internet-connected IoT devices such as smart TVs, CCTV cameras, routers and other home appliances. It primarily targets internet-connected systems running Linux and turns them into remotely controlled “bots”. These bots are then used to launch large-scale network attacks. Mirai was first identified in the DDoS attack on the Krebs on Security website on 20 September 2016. The malware gained public attention after the recent historic DDoS attack on the Domain Name System (DNS) provider Dyn. A cyber investigation revealed that 10 million Internet of Things devices were used to launch this DDoS attack. Launching a DDoS attack is normally a painstaking task, as it requires careful programming and millions of machines under a single control. But with Mirai, a program written in C, it is quite easy to launch a DDoS attack with minimal requirements.
How does it work?
A system infected with the Mirai malware scans the network for other internet-accessible IoT devices every 2 minutes. Most of these IoT devices are not protected by any firewall or router. It then exploits devices that still use factory default or hard-coded usernames and passwords, logs into them, and forces them to report to the central controller. These infected devices are turned into bots that can be used in DDoS attacks. The malware does not harm the infected device; it sits in the system, waiting for instructions to attack a target. An analysis says that Mirai uses a list of 60 username and password combinations to break into poorly secured IoT devices.
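The login sweep described above leaves a recognizable trace in authentication logs: one source failing logins against several devices in a short time. The following detection sketch is an added example, not part of the original article; the log format, field names, thresholds and addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical gateway log format (not real data).
SAMPLE_LOG = """\
2016-10-21T10:00:01 login_failed src=192.0.2.10 dst=10.0.0.5 user=root
2016-10-21T10:00:02 login_failed src=192.0.2.10 dst=10.0.0.5 user=admin
2016-10-21T10:00:04 login_failed src=192.0.2.10 dst=10.0.0.6 user=root
2016-10-21T10:00:05 login_failed src=192.0.2.10 dst=10.0.0.7 user=support
2016-10-21T10:00:07 login_ok src=192.0.2.10 dst=10.0.0.7 user=admin
2016-10-21T10:05:00 login_failed src=10.0.0.50 dst=10.0.0.5 user=alice
2016-10-21T10:05:20 login_ok src=10.0.0.50 dst=10.0.0.5 user=alice
"""

LINE = re.compile(r"^(\S+) (login_failed|login_ok) src=(\S+) dst=(\S+) user=(\S+)$")

def parse(log):
    """Yield (timestamp, event, src, dst, user); skip malformed lines."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:  # well-formed line with an impossible timestamp
            continue
        yield (ts, *m.groups()[1:])

def find_sweeps(log, window=timedelta(seconds=120), min_attempts=4, min_devices=2):
    """Return {src: devices that accepted a login} for each sweeping source.
    Flagged: min_attempts failures over min_devices devices inside one window
    (thresholds are assumptions to tune per network)."""
    failures = defaultdict(list)   # src -> [(ts, dst)] still inside the window
    successes = defaultdict(set)   # src -> {dst} that accepted a login
    flagged = set()
    for ts, event, src, dst, _user in sorted(parse(log)):
        if event == "login_ok":
            successes[src].add(dst)
            continue
        recent = [(t, d) for t, d in failures[src] if ts - t <= window]
        recent.append((ts, dst))
        failures[src] = recent
        if len(recent) >= min_attempts and len({d for _, d in recent}) >= min_devices:
            flagged.add(src)
    return {src: sorted(successes[src]) for src in flagged}

if __name__ == "__main__":
    for src, devices in find_sweeps(SAMPLE_LOG).items():
        print(f"{src}: sweep detected; devices that accepted a login: {devices}")
```

Devices listed for a flagged source are the ones to reboot and give new credentials first, since they accepted a login from a host that was sweeping the network.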
How dangerous is it?
The source code of the Mirai malware is open source, meaning that it is available to anyone on the internet. Although this gives security researchers insight to dissect the malware, it also gives cybercriminals a proven platform on which to build other software, resulting in the emergence of new varieties of malware. There are plenty of IoT devices in the world that are left unattended after installation with their default credentials, and these are vulnerable to this malware. Such vulnerable devices persist on the network and become easy targets for Mirai. A device infected with this malware can be cleaned by rebooting it, but it can be reinfected within a minute unless the default credentials are changed. Mirai supports attacks against systems running both IPv4 and IPv6. Compromised systems are capable of sending malicious traffic to their targets to disrupt internet services.
How to protect IoT devices?
The major responsibility for protecting IoT devices lies with the device manufacturer, but it is also the responsibility of users to safeguard their devices from malware attacks.
Change the default credentials after first login
Create a strong password
Use only necessary features, plugins, and services
Use wired internet connections
Check with the manufacturer and update firmware regularly
Disable remote access when not used