A new wave of Distributed Denial of Service attacks using the Mirai botnet seems to have targeted Liberia’s internet service provider, potentially affecting the entire country.
Composed of vulnerable and remotely controlled IoT devices, the Mirai botnet was also responsible for the attack on U.S. DNS service provider Dyn two weeks ago, although the attack on Liberia seems less powerful. However, at 500 Gbps, the DDoS attack on Liberia could have devastating consequences for the country, as its main internet service provider has been struggling to cope for a couple of days.
“The DDoS is killing our business,” said an employee with the service provider. “We have a challenge with the DDoS. We are hoping someone can stop it. It’s killing our revenue. Our business has been targeted frequently.”
Although the current Mirai botnet is believed to comprise around 500,000 compromised internet-connected and poorly secured smart devices, the attack on Dyn is estimated to have involved only 100,000 such devices. Security researcher Kevin Beaumont believes the botnet is testing out new denial of service techniques with some of these attacks.
“Last night, while tweeting about the attacks, the botnet started sending messages,” wrote Beaumont. “Monitoring is continuing of the botnet, but so far it appears they are testing denial of service techniques.”
While it’s unclear whether the Mirai botnet could disrupt the system nation-wide, the security researcher believes it is possible.
Bitdefender’s internal IoT telemetry has shown that almost 2% of internet-connected smart devices have weak or no passwords for their Telnet service. Mirai is known to use this service to gain remote access to smart devices, and while the 2% figure might sound small, it suggests that roughly 128 million smart devices could potentially be bots.
Users are strongly encouraged to change the default passwords of their smart devices and take every step necessary towards securing them against these types of attacks.