DDoS has become an increasingly prevalent menace throughout the course of this year, and the release of the source code for the 'Mirai' botnet is going to seriously hike threat levels.
If you've been following security news recently, you'll likely have noticed that new records for DDoS attacks have been swiftly set – first with an assault on the Krebs on Security website which reached 620Gbps, but that quickly fell after two simultaneous barrages of 799Gbps and 191Gbps were recorded hitting French hosting company OVH.com.
That's some eye-watering firepower and these attacks are fuelled by giant botnets of compromised Internet of Things devices, and the likes of routers, DVRs and security cameras which are easily hacked as they've been left with factory default passwords.
So, the bad news is that Mirai is one such botnet (alongside the more prevalent 'Bashlight'), and the release of its source code – which security researcher Brian Krebs himself spotted – puts the tools to craft these sort of massive attacks into less-skilled cybercriminal hands.
Circle of compromise
And the more widespread usage that Mirai sees, the more poorly defended IoT and similar devices will be compromised, and thus an increasingly large amount of potential DDoS firepower will be out there.
Meaning that websites and businesses could be taken down and assaulted with ever more powerful DDoS in combination with ransom demands – in other words, pay up or the carnage won't stop.
As Dale Drew, CSO at Level 3 Communications, told Ars Technica: "These botnets are largely being used in [DDoS-for ransom] campaigns … By releasing this source code, this will undoubtedly enable a surge in botnet operators to use this code to start a new surge in consumer and small business IoT compromises."
He further warned: "I predict that botnet operators … will be searching for a larger inventory of IoT exploits to take advantage of. This could be the start of a surge of attacks against IoT devices in the consumer space."
So now might be a good time to check that your router, security camera or other internet-connected gadget has a proper username and password set, rather than being left on the default settings.
Krebs spotted the post from the hacker releasing the source code, which observed that the scope for attacks had recently dropped. The hacker noted: "With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping."
However, with the release of the source, as mentioned we can certainly be sure that overall levels of IoT-powered DDoS will be doing anything but dwindling.
Following the OVH.com attack, Octave Klaba, founder and CTO of the firm, said that he believed the botnet responsible could easily be upped to fire out a DDoS volley in excess of 1.5Tbps. Doubtless, it won't be long before we see the next distributed denial of service record being set.
- We look at how to prove the value of DDoS security