Secure your iPhone against threats with Avast One
The Mirai botnet scours the internet for unsecured smart devices, and seizes control of them to create a network of bots capable of launching devastating cyberattacks. We’ll explain how these botnets work, why new Mirai threats continue to emerge, and how to keep your networked gadgets safe with strong security software.
This article contains:
Unlike other cyberthreats, Mirai malware mostly impacts networked smart home devices such as routers, thermostats, baby monitors, refrigerators, etc. By targeting the Linux OS that many Internet of Things (IoT) devices run on, Mirai malware is designed to exploit vulnerabilities in smart gadgets and link them together into a network of infected devices known as a botnet.
Once a part of the botnet, hijacked hardware is then co-opted to commit further attacks as part of a herd of zombie machines. Traditionally, botnets have been used to conduct phishing campaigns and large-scale spam attacks, but the nature of IoT devices make Mirai botnets ideally suited to bringing down websites or servers through DDoS attacks.
After infecting a computer, botnet malware like Mirai spreads to other devices before launching a networked attack.
The origins of Mirai can be traced back to a college student named Paras Jha and his friend Josiah White. Having written the Mirai botnet source code in 2016, they then used their creation to try and extort Jha’s own university by launching DDoS attacks on the institution.
Jha and White then took their hacking to another level, targeting servers hosting the immensely popular Minecraft video game, as well as the companies contracted to protect the lucrative gaming servers from precisely this kind of DDoS disruption.
The initial development and use of the Mirai botnet against Minecraft gaming servers was the work of Paras Jha and Josiah White. But in September 2016, the pair seem to have leaked their own code online in an effort to obscure the origins of their botnet attacks.
Out in the wild, Mirai snowballed out of control, as it was replicated and modified by other cybercriminals. It has continued to wreak havoc in various forms ever since – most notably in a wide-scale DDoS attack that took down large portions of the internet across the US.
To understand how the Mirai botnet works, you need to start with the vast network of internet enabled household devices known collectively as the Internet of Things. These gadgets are an increasingly common fixture in modern smart homes, but they open up another potential attack surface for cybercriminals to exploit.
First, Mirai malware scans IP addresses to identify smart devices running a version of Linux known as ARC. Then, Mirai exploits security vulnerabilities in the IoT device to gain network access via default username and password combinations. If these settings haven’t been changed or updated, Mirai can log in to the device and infect it with malware.
As the number of devices caught in the infected network mount, the cybercriminals in control then use the Mirai botnets to crash targeted websites or servers by bombarding it with more traffic that it can handle. The site or service will remain inaccessible to normal users until the DDoS attack is resolved, which increasingly involves the payment of a ransom.
Infected devices in a botnet can be used in devastating DDoS attacks.
Once Mirai has infected a smart device, it turns it into another zombie in an army of remotely controlled bots. Mirai will even purge any pre-existing malware to ensure the device is securely locked into the botnet — all without the consent or knowledge of the owner.
Under the control of the botnet creator, IoT hardware can then be forced to scan networks for other vulnerable devices to exploit, ensnaring yet more victims in the Mirai botnet. And since most smart homes are not equipped with comprehensive network security, smart devices remain vulnerable to Mirai and other IoT botnets.
Most devices that the Mirai botnet attacks are home routers and cameras, but almost any smart device is susceptible to IoT botnets. The same network connection that gives robot vacuums, IP intercoms, kitchen appliances, and smart vehicles their functionality in a smart home is also a potential backdoor for malware.
There are some parts of the IoT which are impervious to Mirai, but this is because the malware’s creators programmed their code not to attack certain IP addresses, such as those owned by the US Department of Defense.
Mirai botnets are particularly dangerous because they’re used in DDoS attacks, which can be commercially devastating and extremely difficult to stop. DDoS attacks have forced businesses to cough up large ransoms in several high-profile cases.
Mirai emerged in September, 2016, with major DDoS attacks on Minecraft gaming infrastructure, including the hosting service OVH. After the botnet was used to crash the website of the prominent cybersecurity journalist Brian Krebs, people began to take notice.
Then, after the Mirai source code was mysteriously shared online by a profile with the username “Anna Senpai,” a series of high-profile Mirai DDoS attacks rocked the internet — a particularly infamous example was the enormous IoT botnet barrage that brought down Dyn, a major DNS provider.
Although Mirai’s creators were swiftly scooped up by the FBI, the malware they authored remains out there. This means that Mirai, its malware derivatives, and other similar botnets still pose a significant threat to unprotected devices and networks. That’s why it’s so important to protect your device with strong anti-malware software.
Having been shared on the dark web, the Mirai botnet source code continues to evolve as malware creators adapt it to create more advanced variants of Mirai. Recent IoT botnet threats such as Okiru, Satori, and Reaper are all based on the Mirai malware source code. More variants will inevitably emerge due to Mirai’s open source code.
Mirai exploits default usernames and passwords, trying to find the right combination to break in. Rather brute-force attacking a single device, Mirai will simply move on to an easier target. So, your top priority should be changing the factory setting log-in keys and creating a strong password for your IoT devices as soon as possible.
But even as cyber threats targeting smart devices grow in scale and sophistication, built-in IoT security protocols are often relatively weak. All it takes is one compromised device to expose an entire system, so it’s important to take additional steps to secure your smart home.
Once a botnet or other malware has accessed one of your networked devices, the damage has already been done. That’s why it’s so important to approach the security of your digital life and network home proactively — to prevent infections in the first place.
Avast One combines six layers of advanced security, leaving nothing to chance when it comes to stopping hackers and shielding you against malicious software. And with heuristic threat detection based on cutting-edge artificial intelligence, you’ll be fully protected against even the very latest emerging threats.