Mirai IoT botnet code release raises fears of surge in DDoS attacks

Organisations with an online presence should prepare for terabit-class IoT botnet-based DDoS attacks that could knock almost any business offline or disable chunks of the internet, warn security experts

Security experts fear that the release of the code for the Miraibotnet will prompt a surge in powerful distributed denial of service (DDoS) attacks that will knock almost any company offline.The malware code released on an underground forum at the beginning of October enables attackers to hijack thousands of devices making up the internet of things (IoT), such as webcams, to carry out DDoS attacks.The Mirai malware spreads by scanning the internet for IoT devices, including routers, protected only by default usernames and passwords to infect and hijack them to carry out DDoS attacks.

Security blogger Brian Krebs, who believes Mirai was used to hit his news site with a DDoS attack of 620gigabits per secondĀ (Gbps) in size on 20 September 2016, said the release of the malware code virtually guarantees that the internet will soon be flooded with attacks from many new botnets.

A week later, French hosting firm OVH was hit by an attack that peaked at more than one terabit or 1,000 gigabits per second.

The OVH attack set a new record and is believed to have been enabled by using the combined bandwidth of a botnet of 150,000 IoT devices, according to The Hacker News.

Read More