The source code responsible for creating the botnets that launched recent record-breaking DDoS attacks against cybersecurity news site Krebs on Security and French server hosting firm OVH have been released publically. The code, which its creator has named “Mirai,” was released on Friday on Hackforums, and reported on by Brian Krebs and many other cybersecurity news outlets.
The recent DDoS attacks against Krebs and OVS were extremely large – Krebs was hit with 620 gigabits per second of traffic and OVH was hit with over 1 terabit per second. According to experts, they were launched using botnets of IoT devices, such as cameras, which are typically insecure and easily hijacked.
Mirai’s creator claims that the malware was used to enslave around 380,000 IoT devices every day. Brute-force Telnet attacks were used on the IoT devices. However, after the DDoS attack against krebsonsecurity.com, ISPs have started to take action and the daily infection rate has dropped to 300,000. While this is good news that ISPs are beginning to take action against botnets, the release of the code for Mirai could lead to the creation of more advanced IoT botnets – and more huge DDoS attacks.
Read the full story and how to take steps to make sure your own IoT devices are secure at KrebsonSecurity and PCWorld. The story at Ars Technica also discusses the differences between Mirai and rival botnet malware Bashlight in more detail.