For rent: An IoT botnet to take down much of the internet

Nobody knows for sure who launched a massive Mirai botnet attack against parts of the internet on Friday, but there’s no denying that they made themselves felt.

Hundreds of thousands, if not millions, of devices are thought to have been compromised by Mirai and recruited into the botnet. That botnet was then put to work, launching a distributed denial-of-service attack against the Dyn domain name service that had a dramatic impact on some of the world’s most popular websites, making them inaccessible to many internet users.

[Image: gov-tweet. Source: Twitter]

Sites affected included Netflix, Spotify, Twitter, GitHub, and even the UK government.

In a statement Dyn confirmed that it had suffered a “sophisticated attack across multiple actor vectors and internet locations”, and that tens of millions of discrete IP addresses involved in the attack were devices infected by the Mirai botnet.

[Image: ddos-hits-websites. Source: reddit.com]

And now, as Forbes reports, it has emerged that criminals were offering to sell a week’s worth of access to 100,000 hacked IoT devices for just $7,500 on the dark web at the beginning of October.

[Image: iot-botnet-advert. Source: forbes.com]

I’m selling spots on one of the biggest botnets in the world. I will show more details proof for only SERIOUS buyers. attack power is around 1tbps [layer4] and around 7million r/s [layer7]

User limited to 50k bots – $4600
User limited to 100k bots – $7500
The price is per week.

The seller claimed that his botnet was based upon the Mirai source code, released publicly just a few days before.

It’s hard to imagine that some criminals won’t feel that that’s a small price to pay for the potential profit they might be able to extort out of their targets.

And it’s worth bearing in mind that we all have our part to play in protecting the internet from attacks like this. Botnets like Mirai are built on the shoulders of poorly-secured IoT devices like those produced by Sierra Wireless, compromised because they contain vulnerabilities or are connected to the public internet using default passwords.

Where possible, change the passwords used to access your IoT devices remotely, and apply any security patches which are available.

Meanwhile, websites which fear they might be at risk from similar attacks involving their DNS providers may be wise to build some mitigation in right now – adding additional DNS providers just in case one (like Dyn) goes down.
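
To check whether a zone already has that kind of redundancy, its NS records can be grouped by operator. The following is an added example, not part of the original article: it audits NS records in zone-file format for dependence on a single DNS provider. The `.example` names are constructed, and treating the last two labels of a name server hostname as the provider is an assumption that will not hold for every naming scheme.

```python
from collections import defaultdict

# Constructed sample NS records in zone-file / `dig NS` answer format (not real delegations).
SAMPLE_NS_RECORDS = """
shop.example.      86400 IN NS ns1.provider-a.example.
shop.example.      86400 IN NS ns2.provider-a.example.
media.example.     86400 IN NS ns1.provider-a.example.
media.example.     86400 IN NS a.provider-b.example.
media.example.     86400 IN NS b.provider-b.example.
; vanity name servers hide who actually operates them
bank.example.      86400 IN NS ns1.bank.example.
bank.example.      86400 IN NS ns2.bank.example.
"""

def provider_of(ns_host, zone):
    """Assumption: the last two labels of the NS hostname identify the operator."""
    host = ns_host.rstrip(".").lower()
    if host == zone or host.endswith("." + zone):
        return "in-zone (operator unknown)"
    return ".".join(host.split(".")[-2:])

def parse_ns_records(text):
    """Return {zone: {provider: [nameserver, ...]}} from NS record lines."""
    zones = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) < 3 or fields[-2].upper() != "NS":
            continue
        zone = fields[0].rstrip(".").lower()
        zones[zone][provider_of(fields[-1], zone)].append(fields[-1].rstrip(".").lower())
    return zones

def audit(text):
    """Map each zone to 'redundant', 'single-provider' or 'verify-manually'."""
    result = {}
    for zone, providers in parse_ns_records(text).items():
        named = [p for p in providers if not p.startswith("in-zone")]
        if len(providers) > len(named) and len(named) < 2:
            result[zone] = "verify-manually"   # vanity NS names: operator not visible
        elif len(named) >= 2:
            result[zone] = "redundant"         # survives the loss of one provider
        else:
            result[zone] = "single-provider"   # one provider outage takes the zone down
    return result

if __name__ == "__main__":
    for zone, verdict in audit(SAMPLE_NS_RECORDS).items():
        print(f"{zone:15} {verdict}")
```

A "verify-manually" result means the name servers sit inside the zone itself, so the hostnames alone do not reveal whether one or several providers are behind them.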

If you want to better secure all of your home’s connected devices against IoT threats, be sure to check out Bitdefender BOX.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
