Mirai malware blamed for internet attack

 

NEW YORK / AP

A massive internet attack that
paralyzed Twitter, Netflix and other services is being blamed on a specific kind of malware designed to harness the power of ordinary consumer devices. The bad news: Using it isn’t particularly hard and doesn’t require much money. The malware, known as Mirai, was recently posted online for others to adapt for their own attacks.
Researchers say Mirai exploited security vulnerabilities in thousands of internet-connected devices such as web cameras, then used those devices to attack a major internet firm, resulting in widespread outages. Researchers say Mirai has been used before, but not on the scale of Friday’s attacks. Here’s a look at Mirai and what makes it so destructive.
Dyn Inc., an internet company in Manchester, New Hampshire, said its servers were hit by a distributed denial-of-service attack. These types of attacks work by overwhelming targeted computers with junk traffic, so legitimate traffic can’t get through.
Jason Read, founder of the internet performance monitoring firm CloudHarmony, said his company tracked a half-hour-long disruption early Friday affecting access to many popular sites from the East Coast. A second attack later in the day spread disruption to the West Coast as well as some users in Europe.
While distributed denial-of-service attacks have been around for years, hackers have many more devices they can use to pull off their attacks, thanks to the proliferation of internet-connected cameras, thermostats, lights and more.
And Mirai makes it easy for a would-be attacker to scan the internet for devices to take over and turn into “botnets” for launching coordinated attacks, Chris Carlson of the cybersecurity firm Qualys said.
While botnets have been used as weapons for nearly a decade, they have typically been employed by organized crime groups that targeted websites involved in less-than-savory businesses such as pornography or gambling. Those sites pay extortion money to make the problem go away quietly, Carlson said. “But when you bring it to Dyn, and a lot of the internet gets shut down, people take notice,” Carlson said.
Researchers at the cybersecurity firm Flashpoint say very few devices in the U.S. seem to be involved. Most of the junk traffic heaped on Dyn came from internet-connected cameras and video-recording devices that had components made by an obscure Chinese company.
Because the components were put into a variety of devices that were then packaged and rebranded, it’s hard to tell exactly where they ended up. But Flashpoint researchers Allison Nixon and Zach Wikholm say their research shows that the bulk of them ended up in Vietnam, Brazil, Turkey, Taiwan and China.
Probably. Hacker groups have threatened targets ranging from the Russian government to major corporations and the U.S. presidential election. But it’s unclear if those groups are actually capable, or just making empty threats. Experts say that whatever the target, more attacks are inevitable in light of the continued growth of connected devices and the lack of security requirements for them. Therefore, the solution lies in boosting device security at the hardware level.

Leave a Reply

Send this to a friend