It Could Get Ugly, Source Code For 'Mirai' IoT DDoS Botnet Released To The Wild
The malware powering the botnet behind the record attack is called Mirai. According to Krebs, it spreads by scanning for IoT gadgets that still use factory default or hard-coded usernames and passwords. Once it finds a vulnerable device, malicious software is loaded onto it, turning the gadget into a bot that reports to a central control server used for launching DDoS attacks.
A hacker who goes by the online nickname Anna-senpai released the source code for Mirai on Hackforums, an English-language hacking community.
"When I first go in DDoS industry, I wasn’t planning on staying in it long," Anna-senpai stated in the post. "I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping."
Krebs said he's been able to confirm that the botnet that targeted his blog was powered by Mirai, though it's not the only major malicious code that employs IoT devices in such a manner. There's at least one other major strain called Bashlight. Like Mirai, it spreads to systems using default username and password combinations.
This is the future, folks. In time, vendors and the population at large will take IoT security more seriously as these types of attacks draw increased media attention. In the meantime, you can stay ahead of the 8-ball by ensuring you're practicing good IoT security, tips for which you can find here.