What you need to know about the Mirai botnet behind recent major DDoS attacks

01 Nov 2016

A distributed denial of service (DDoS) attack on DNS provider Dyn last week managed to disrupt an array of the internet’s biggest websites, including Spotify, Twitter, and PayPal.

What was most interesting about this attack was that it was largely carried out using an Internet of Things (IoT) botnet called Mirai (Linux.Gafgyt).

Q: How does Mirai work?

A: Mirai works by exploiting the weak security on many IoT devices. It operates by continuously scanning for IoT devices that are accessible over the internet and are protected by factory default or hardcoded user names and passwords.

Q: What devices are at risk of exploitation/infection?

A: Routers, DVRs, CCTV cameras, and any other ‘smart’, internet-connected appliances are at risk of attack.

Q: How are device manufacturers responding?

A: The Chinese electronics firm behind many of the webcams used in the attack on Dyn’s services, XiongMai Technologies, issued a recall for many of its devices following the attack.

Q: Can a Mirai infection be removed?

A: Devices that become infected with Mirai can be cleaned by restarting them. However, due to constant scanning for devices by the botnet, vulnerable devices can become re-infected within a matter of minutes of going back online unless the default credentials are changed.

Q: What can I do to protect my devices and prevent them from becoming infected?

A: Symantec Security Response has the following tips to protect your IoT device from becoming infected with malware.

  • Research the capabilities and security features of an IoT device before purchase
  • Perform an audit of IoT devices used on your network
  • Change the default credentials on devices. Use strong and unique passwords for device accounts and Wi-Fi networks
  • Use a strong encryption method when setting up Wi-Fi network access (WPA)
  • Disable features and services that are not required
  • Disable Telnet login and use SSH where possible
  • Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary
  • Modify the default privacy and security settings of IoT devices according to your requirements and security policy
  • Disable or protect remote access to IoT devices when not needed
  • Use wired connections instead of wireless where possible
  • Regularly check the manufacturer’s website for firmware updates
  • Ensure that a hardware outage does not result in an insecure state of the device
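
To support the audit tip above, the following added example (not Symantec's code) reads firewall connection logs and flags two things: local devices making Telnet attempts to many outside addresses in a short time, which matches the scanning behaviour described earlier, and local devices that accepted Telnet from the internet. The log format, the LAN range 192.168.1.0/24, and the thresholds are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical log format:
# timestamp, source IP, destination IP, destination TCP port, firewall action
SAMPLE_LOG = """\
2016-10-28T09:00:01 192.168.1.50 198.51.100.1 23 ALLOW
2016-10-28T09:00:02 192.168.1.50 198.51.100.2 23 ALLOW
2016-10-28T09:00:03 192.168.1.50 198.51.100.3 23 ALLOW
2016-10-28T09:00:04 192.168.1.50 198.51.100.4 23 ALLOW
2016-10-28T09:00:05 192.168.1.50 198.51.100.5 23 ALLOW
2016-10-28T09:00:09 192.168.1.10 203.0.113.5 23 ALLOW
2016-10-28T09:00:10 192.168.1.10 203.0.113.5 443 ALLOW
2016-10-28T09:01:30 203.0.113.99 192.168.1.60 23 ALLOW
2016-10-28T09:01:31 203.0.113.99 192.168.1.61 23 DENY
"""

TELNET_PORT = 23                                     # standard Telnet port
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN range


def parse(line):
    ts, src, dst, port, action = line.split()
    return (datetime.fromisoformat(ts), ipaddress.ip_address(src),
            ipaddress.ip_address(dst), int(port), action)


def audit(log_text, fanout=5, window=timedelta(minutes=1)):
    """Return (scanners, exposed): local hosts that tried Telnet to at least
    `fanout` distinct outside addresses within `window`, and local hosts that
    accepted a Telnet connection from outside."""
    outbound, exposed = defaultdict(list), set()
    for line in filter(str.strip, log_text.splitlines()):
        ts, src, dst, port, action = parse(line)
        if port != TELNET_PORT:
            continue
        if src in LOCAL_NET and dst not in LOCAL_NET:
            outbound[src].append((ts, dst))
        elif src not in LOCAL_NET and dst in LOCAL_NET and action == "ALLOW":
            exposed.add(str(dst))
    scanners = set()
    for src, events in outbound.items():
        events.sort(key=lambda e: e[0])
        for i, (start, _) in enumerate(events):
            if len({d for t, d in events[i:] if t - start <= window}) >= fanout:
                scanners.add(str(src))
                break
    return sorted(scanners), sorted(exposed)
```

A device in the first list is a candidate for a restart and a credential change. A device in the second list still has Telnet reachable from outside and should have it disabled or blocked.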

Article by Symantec Security Response.
