Mirai Writes New Chapter in the History of DDoS Attacks

The Mirai malware is seen as a milestone in the threat landscape, showing that IoT botnets can be used in distributed denial-of-service (DDoS) attacks and can deal significant blows. It entered the spotlight in autumn last year, and its damage is likely to be felt for some time to come.

Here’s a timeline of the most important events in the life of the Mirai malware:

– Early August 2016: Independent security researchers start analyzing Mirai, which had gone almost unnoticed because samples were difficult to retrieve from infected IoT devices (mostly routers, DVRs and IP cameras).

– September 20, 2016: A Mirai botnet of 145,607 devices (IP cams and DVRs) hits a few Minecraft servers hosted by French provider OVH. Two consecutive assaults added up to almost 1Tbps, and the botnet continued to add infected IoT devices by the thousands.

– September 20, 2016: The Mirai DDoS botnet targets the website of security journalist Brian Krebs with a sustained attack of more than 600Gbps. The journalist was forced to take down the website for three days until he could find better protection from the assaults.

– Around October 1, 2016: Mirai source code becomes available on public forums, allowing hackers to create their own botnets, add new features to the malware and create variants that would evade detection.

– October 21, 2016: Mirai operators shake the Internet as they fire at Dyn, a major DNS service provider. The shock hits high-profile websites like Twitter, Github, Reddit, Netflix, Airbnb, PayPal, Amazon and Spotify, with some of them becoming temporarily unavailable to users.

– November 4, 2016: Liberia is hit with a DDoS attack from a botnet based on Mirai malware code, knocking offline websites hosted in the country. Security researcher Kevin Beaumont says the blow packed more than 500Gbps of meaningless traffic.

– November 27, 2016: Routers of Deutsche Telekom customers start having Internet connection problems; Mirai is confirmed the next day, and Deutsche Telekom says around 900,000 were affected.

– November 27, 2016: The variant of Mirai that knocked Deutsche Telekom routers offline also impacts the routers of UK Internet Service Providers TalkTalk, UK Post Office and Kcom, affecting more than 100,000 customers.

– February 28, 2017: A Mirai horde of connected devices targets a US college for 54 hours.

Since the Mirai source code was released, hackers can create new variants of the malware and carry out DDoS attacks. So far, security researchers have detected more than 430 Mirai-based botnets hitting targets across the globe. Although most act for just a few seconds, there are records of assaults lasting for an hour.

Mirai, though, was not the first botnet to recruit hundreds of thousands of connected devices. In 2013, an anonymous security researcher created an army of about 420,000 embedded systems in an experiment that ran from March through December. Hijacking this many devices was possible because they were exposed on the web and ran with the default password, or no password at all.

Regardless of the malware family used in DDoS attacks, one thing is certain: botnet masters have found a powerful, easy-to-use weapon.

Photo credit: Jack Moreh for Freerange Stock

33 comments

  • By Kirk - Reply

    When will Box 2 be released?

    • By Mihai - Reply

      Hi Kirk, we will be releasing the second version of BOX this fall.

  • By Richard - Reply

    Great but how do I get Bitdefender Box ?

    • By shakeshuck - Reply

      I get a Bitdefender Box banner at the top of this page – do you?

    • By Mihai - Reply

      Hi Richard, BOX can be purchased from here: https://www.bitdefender.com/box/

  • By Keith Rameshwar - Reply

    How do I get the ‘box’?

  • By C.Woodward - Reply

    I do not see any asterisks. I do not understand what this is about, it makes no sense to me.

    • By Mihai - Reply

      Hi, if you have any questions regarding BOX and the protection it offers, please write us an email at boxsupport@bitdefender.com.

  • By Tom Ferraioli - Reply

    Thanks for the heads up, that is why I use Bitdefender!

    • By Mihai - Reply

      Hi Tom, we’re honored you trusted us with your security.

  • By Claude Tremblay - Reply

    Please, your message is possible in French also

    • By Mihai - Reply

      Hi Claude, if you wish, we can answer your questions in French. Please write us an email at supportbox@bitdefender.fr.

  • By Judy M Farver - Reply

    Thank you for this information. I assume I have protection against this happening on my computer with Bitdefender Total Security. Is that correct? Also, I have a Netgear Router connected to my computer, is that a problem?

    • By Mihai - Reply

      Hi Judy, you are fully protected on the computer on which you have Bitdefender Total Security. However, smart devices like routers, smart TV’s, baby monitors, printers and any other devices that can connect to the Internet are not covered because you cannot install security locally on them. For those devices we designed BOX that is able to scan all traffic they do and in case BOX detects malicious activity on them, it will block it.

  • By Chuluunbat - Reply

    Hi

  • By Jacquelyn Williams - Reply

    I do wish there was a phone # that I could use to ask questions of your techs. As I keep getting a WARNING that my computer is at risk and they give me a phone # to call. (844) 763-5838 I have never called it, as I was told it was a scam, how can you remove this if I can’t talk to a technician?

    • By Nordgard - Reply

      You probably have a Malware already. Try Malwarebytes to scan Your Computer. I use it from time to time in addition to Bitdefender.

    • By shakeshuck - Reply

      These come through adverts or can be linked to (in my experience) through download sites.
      I have noticed Bitdefender (the free version) doesn’t seem very good at catching these.

    • By Mihai - Reply

      Hi Jacquelyn, please write us an email at bitsy@bitdefender.com with a full description of the situation you are facing and our support department will be more than happy to help.

  • By Norman - Reply

    Does my current Bitdefender package protect me? If not what do you suggest?

    • By Mihai - Reply

      Hi Norman, if you have a Bitdefender BOX, you are fully protected against this type of threat. As opposed to regular security solutions, BOX protects all devices, even those on which you are not able to install protection like smart TV’s, smart thermostats, baby monitors or any other device in your house that is able to connect to the Internet.

  • By Steve Kazmarek - Reply

    Great info! What is Bitdefender Box?

    • By Mihai - Reply

      Hi Steve, BOX is a hybrid security solution, both hardware and software, designed to protect all devices that connect to the internet, regardless of their operating system.

      Besides protection for PCs, Macs or Android devices, BOX protects iPhones, gaming consoles, tablets, e-book readers, smart TVs and any other Internet of Things devices. Basically BOX will protect any Internet-connected device that didn’t have any security solution available before.

      If you wish to find out more about the BOX before making a decision, access our dedicated website http://www.bitdefender.com/box.

  • By lj4linux - Reply

    Use LINUX! It’s your best chance!

    • By Conrad - Reply

      Linux can also be infected, so spreading the illusion that Linux is 100% safe is just wrong…!!!

      • By Mihai - Reply

        Hi, most IoT devices that were used in the Mirai attack were using Linux as an operating system and we can say that not even Linux is safe nowadays.

  • By Kerry D Metzger - Reply

    I just installed a new Windows 10 pro 64 bit install on my Lenovo 3.33 gh duo core LGA 775 Intel Computer. And on my backup computer 2.6 gh and 64 x 2 am2 is both having messages saying something in the line that Bitdefender is busy and can not be accessed right now. One bitdefender is totally missing and the other says at shutdown some problem with bitdefender. And it's a good thing I read this. Because I was just about to uninstall Bitdefender. Can somebody help me Please!!!!!!!!!????????????????????

    • By Mihai - Reply

      Hi Kerry, please write us an email at bitsy@bitdefender.com and we will be more than happy to help.

    • By Paul Berentsen - Reply

      Kerry, I had the same experience about the same time as you. But after getting in contact with Bitdefender, I was able to install the latest version and that problem was solved.

      But—did you also happen to find out that you could no longer save a file to your user account? (I can only save a file to my networked desktop. I can read any document on my Lenovo laptop, but cannot save it–edited or not! If you happen to see this, please post your answer here.

  • By George - Reply

    Is it available in the UK?

    • By Mihai - Reply

      Hi George, for now BOX is available for purchase and use only in the US, France and Japan. However, we are striving to make it available to other parts of the world as well, such as the UK.

  • By Robert - Reply

    When is Box2 available in Australia and what is the cost in AUD$ ?
