Mirai claims another victim in 54-hour DDoS attack

The threat of DDoS attacks through IoT botnets is rising. A new version of the Mirai malware has been detected following a 54-hours DDoS attack on a US college last month.

Researchers said it was a “Layer 7” attack that consumed server resources and was launched at application-layer, unlike previous Mirai attacks, according to BleepingComputer. However, hackers had a similar strategy as in the campaigns against Dyn’s DNS and KrebsOnSecurity – they exploited known vulnerabilities in CCTV cameras, DVRs and routers.

Overall, the two-day attack “blasted 30,000 RPS (requests per second) at their target, with a peak value of 37,000 RPS” and involved more than 9,700 IP addresses from all over the world, most of them in the US (18%), Israel (11%) and Taiwan (11%).

Mirai infections are on the rise after the author, Anna-Senpai, released the source code. The original attacks were on KrebsOnSecurity, and what followed on Dyn, TalkTalk, and a number of ISPs in Germany and the UK, were copycats. The new botnets were infected with modified versions of Mirai, some updated to spread the infection to Linux hosts.

Brian Krebs, one of the first victims of the original malware, believes he has uncovered the identity of Anna-Senpai, the Mirai worm author. He alleges Paras Jha, the owner of a DDoS protection service from New Jersey, is behind the software’s development and circulation.