Tuesday, October 4, 2016

Why the Mirai IoT Botnet Changed the DDoS Game

Over the weekend the Mirai code for the IoT botnet was released on the internet. Essentially, this allows copycats and borderline script kiddies to adjust the code as needed for their own misguided use. The Mirai botnet was the botnet that took down both Krebs and OVH last week, and there’s been debate as to the number of hosts commanded by it. Either way, it ended up throwing two of the largest DDoS attacks ever seen. The OVH attack tipped the scales at around 1 Tbps, which is like wielding your own personal Death Star across the internet.

This being said, I think we’ll see the Mirai botnet start declining, but that there’ll be an uptick in IoT-related DDoS attacks. This was only one botnet, made mostly from small cameras attached to the internet, but what happens when someone goes out and starts creating a botnet from multiple IoT-related devices? What if they slowly harvest vulnerabilities within the plethora of insecure IoT devices? An attacker could slowly command an army of soda machines, thermostats, cars, DVRs, etc. that when combined will be larger than anything we’ve ever seen before. This is like a botnet-of-botnets (BoB) making one mega-botnet to rule them all (okay, now there are LOTR references in here too, sorry).

Either way, the Mirai IoT botnet has shown that DDoS is about to turn it up to 11 real soon, and hopefully the Akamais, Cloudflares, Googles, etc. are going to be ready for it. These providers are always looking to have N times the amount of bandwidth of the largest known DDoS attack on record, so this might leave them scrambling to determine bandwidth sizes for the future. I also think the ISPs need to start playing a bigger role here when it comes to botnets of this size, but regulation and cooperation from other countries would also need to be involved, and this has always historically been difficult.

So this is why Mirai changed the game. It almost completely brought down a DDoS mitigation network, which means if there were two botnets of equal size it would be difficult to maintain. This also means if they can’t support multiple attacks of this size, their other customers will be left unprotected and vulnerable to attack, or it could even leave their “always on” customers with a potential internet outage. Lastly, this starts the herding of an untapped market of IoT devices ripe for the picking, and I think we’ll see copycats using similar code on different IoT devices real soon. Things are about to get interesting.
