In the fallout from last Friday’s distributed denial of service attacks on DNS (Domain Name Service) hosting provider Dyn, one question has been on everyone’s mind: How could an attack like this happen? Dyn said in a statement that the tens of millions of IP addresses associated with the attack were from IoT devices that had been infected with the same Mirai malware used in the earlier attacks on KrebsOnSecurity and OVH. While botnets have existed since the early days of hacking, IoT botnets are a new twist on the old formula. Our Information Security Threat Analyst Marc Laliberte wrote a column for Help Net Security explaining how Mirai creates botnets made up of IoT devices and how they are different from the PC-based botnets of the past. Here’s an excerpt of his article:
The Mirai botnet follows the same formula as most botnet malware by performing two main functions: growing the botnet by finding and infecting more vulnerable hosts, and launching DDoS attacks using the infected hosts. Where Mirai and other IoT botnets differ from traditional Windows-based botnets, though, is their devastating effectiveness in spreading to a huge number of IoT device hosts.
In comparison to traditional Windows-based botnets, IoT botnets flourish thanks to a lack of security by design in most IoT devices. Many IoT manufacturers don’t have experience securing network-connected devices and often opt for off-the-shelf, embedded operating systems without default settings and exposed network services.