How the Mirai botnet changed IoT security and DDoS defense
Security researchers are warning that an advanced version of the Mirai malware code that was made public in October 2016 has been used to hijack around 100,000 home routers.
At the time the code was released, security experts warned organisations with an online presence to prepare for terabit-class internet of things (IoT) botnet-based distributed denial of service (DDoS) attacks that could knock almost any business offline or disable chunks of the internet.
Now researchers believe that the new IoT botnet, dubbed Satori, could unleash such internet-crippling attacks at any time. The Satori malware was reportedly able to infect more than 280,000 IP addresses in just 12 hours, hijacking thousands of home routers by exploiting a recently discovered zero-day vulnerability.
According to security researchers at Qihoo 360 Netlab, the Satori botnet can propagate rapidly by itself like an IoT worm, using two exploits to connect with devices on ports 37215 and 52869.
Dale Drew, chief security strategist at CenturyLink, told ArsTechnica that the Satori botnet is already infecting two types of widely used home and small office routers made by Huawei even if they were protected with strong passwords because, unlike Mirai, it exploits remote code execution vulnerabilities and does not rely on default passwords for access.
The Huawei EchoLife Home Gateway and the Huawei Home Gateway make up about 90,000 of the 100,000 newly infected devices, according to Drew. The Satori malware also reportedly has a dictionary of 65,000 username and password combinations to try against other types of devices.
“It’s a pretty sophisticated approach,” Drew told Ars. The unknown operator “has a pretty significant scanning army right now, where he’s adding more and more vectors to his IoT pool”.
Possible link to another botnet
Qihoo 360 Netlab security researcher Li Fengpei told Bleeping Computer that common filenames, command and control protocols, and other features indicate that Satori could be linked to another Mirai-based botnet discovered last month, which has also reached around 100,000 bots, mainly located in Argentina.
According to Drew, security professionals have few options other than to closely monitor the botnet and block any new control channels it may use. “The scary story is we have botnet operators desperately trying to get access to nodes numbered in the hundreds of thousands if not millions,” he said.
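The worm-like propagation described above gives defenders a concrete thing to watch for: a single source hitting ports 37215 and 52869 on many different hosts. The script below is an added example (not part of the original article or of any vendor's tooling) that runs that check over constructed firewall log lines and emits a drop rule per flagged source; the log format, the sample addresses and the three-destination threshold are assumptions made for the illustration.

```python
"""Flag Satori-style scanning of ports 37215 and 52869 in firewall logs.

Added example, not from the original article. The log format below is
constructed for this demonstration; real firewalls differ in layout.
"""
from collections import defaultdict
import re

# The two propagation ports the article attributes to Satori.
SATORI_PORTS = {37215, 52869}

# Constructed format: "<timestamp> <ACTION> src=<ip>:<port> dst=<ip>:<port> proto=<proto>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

# Constructed sample log: one source sweeping five hosts on the Satori ports,
# one source touching a single host, and ordinary traffic that must not match.
SAMPLE_LOG = """\
2017-12-05T10:00:01Z DENY src=198.51.100.7:44001 dst=192.0.2.10:37215 proto=TCP
2017-12-05T10:00:01Z DENY src=198.51.100.7:44002 dst=192.0.2.11:37215 proto=TCP
2017-12-05T10:00:02Z DENY src=198.51.100.7:44003 dst=192.0.2.12:52869 proto=TCP
2017-12-05T10:00:02Z DENY src=198.51.100.7:44004 dst=192.0.2.13:37215 proto=TCP
2017-12-05T10:00:03Z DENY src=198.51.100.7:44005 dst=192.0.2.14:52869 proto=TCP
2017-12-05T10:00:03Z ALLOW src=203.0.113.9:51000 dst=192.0.2.10:443 proto=TCP
2017-12-05T10:00:04Z DENY src=203.0.113.9:51001 dst=192.0.2.10:37215 proto=TCP
2017-12-05T10:00:05Z ALLOW src=192.0.2.50:40000 dst=192.0.2.11:22 proto=TCP
this line is deliberately malformed and must be skipped
"""


def parse_line(line):
    """Return a dict of fields for a well-formed line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_scanners(log_text, min_targets=3):
    """Map each source IP to the distinct destinations it probed on Satori ports.

    Only sources that touched at least `min_targets` distinct hosts are returned,
    so a single stray connection does not trigger an alert.
    """
    targets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in SATORI_PORTS:
            continue
        targets[rec["src"]].add(rec["dst"])
    return {src: sorted(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


def block_rules(scanners):
    """Render one inbound drop rule per flagged source (iptables syntax, for illustration)."""
    return [f"iptables -I INPUT -s {src} -j DROP" for src in sorted(scanners)]


if __name__ == "__main__":
    hits = find_scanners(SAMPLE_LOG)
    for src, dsts in hits.items():
        print(f"{src} probed {len(dsts)} hosts on Satori ports: {', '.join(dsts)}")
    for rule in block_rules(hits):
        print(rule)
```

The threshold is what separates a sweep from background noise: the second source in the sample touches port 37215 once and is not reported, while the first hits five distinct hosts and is. Tune `min_targets` to the size of the monitored address range before feeding the rules to a firewall.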
“We’ve always said it takes a village to protect the internet. When we find a bad guy, we’re getting that information sinkholed and blocked much more quickly.”
As the number of devices connected to the internet continues to rapidly expand, so does the mass of vulnerabilities associated with the IoT, states Rodney Joffe, senior vice-president and fellow at information services firm Neustar.
“The sheer volume and complexity of these devices has opened a large window for targeted attacks, compromising the security and safety of household items, such as home routers,” he said.
Joffe believes that to mitigate these botnets, there needs to be a greater understanding of how to safeguard the realm of the IoT and everything it encompasses.
“While consumers are busying themselves with a brand new wealth of connected devices, making their homes – and lives – more convenient, it’s up to the manufacturers of these products to prioritise security,” he said.
With every element of the IoT being connected, Joffe said the knock-on effect of one device being hit by some form of cyber attack has the power to, almost instantly, cripple millions of others.
“To work towards stamping out the huge threat to the IoT landscape, more cohesive security strategies need to be considered, with consumers being made aware of the wider ecosystem they’re signing up to, the potential risks associated with this, and how best to isolate them.”
“While the hype and attraction around connected products continues to unravel, it’s essential enough time is being taken to know these devices inside out, to realistically stand a chance at keeping consumer information in the right hands.”