- Malware based on Mirai is being used to corral smart home tech, routers and more to execute DDoS attacks.
- These attacks are advertised on the dark web for as little as $1 350 per month.
- These attacks are largely executed using botnets made up of compromised IoT devices.
Back in 2016, a new strain of malware was making headlines for all the wrong reasons. Dubbed Mirai, the malware was able to corral internet-connected cameras and routers into a massive botnet. This botnet was capable of executing massive distributed denial of service (DDoS) attacks, one of which took out Netflix and Twitter for a few hours.
The way Mirai was able to spread so easily came down to the proliferation of internet-connected security cameras. Unfortunately, while these became popular, proper cybersecurity practices didn’t. This left Mirai with countless target devices using default usernames and passwords that it could infect and use to execute attacks.
While the creators of Mirai were found and eventually helped the FBI find other cybercriminals, the legacy of their creation lives on thanks to the release of Mirai’s source code. The creators released this source code and since then evolutions of the malware have appeared online.
Of late, Mirai has been popping up again and there is something of a competitive market forming among creators of malware designed to capture Internet of Things (IoT) devices.
Cybercriminals are, according to Kaspersky, advertising DDoS attack services on dark web forums. In the first half of 2023, Kaspersky spotted 700 adverts for this sort of service. These services employ botnets to execute the attack.
“The primary method for infecting IoT devices continues to be through brute-forcing weak passwords, followed by exploiting vulnerabilities in network services. Brute-force attacks on devices are commonly directed at Telnet, a widely used unencrypted protocol. Hackers use this method to gain unauthorised access by cracking passwords, allowing them to execute arbitrary commands and malware. Although SSH, a more secure protocol, is also susceptible, it presents a greater resource challenge for attackers,” explains Kaspersky.
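As an added example (not from Kaspersky's report or from this article), the Python below shows how a defender could spot the pattern the quote describes in a device or honeypot login log: a burst of failed Telnet or SSH logins from one source, and whether a login then succeeded. The log format, the sample lines, the function name `detect_bruteforce` and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed format:
# <ISO timestamp> <service> <source IP> user=<name> result=<ok|fail>
SAMPLE_LOG = """\
2023-09-20T10:00:01 telnet 203.0.113.7 user=root result=fail
2023-09-20T10:00:02 telnet 203.0.113.7 user=admin result=fail
2023-09-20T10:00:03 telnet 203.0.113.7 user=support result=fail
2023-09-20T10:00:04 telnet 203.0.113.7 user=root result=fail
2023-09-20T10:00:05 telnet 203.0.113.7 user=admin result=ok
2023-09-20T10:05:00 ssh 198.51.100.9 user=pi result=fail
2023-09-20T11:30:00 ssh 198.51.100.9 user=pi result=ok
2023-09-20T12:00:00 ssh 192.0.2.44 user=root result=fail
2023-09-20T12:00:01 ssh 192.0.2.44 user=root result=fail
2023-09-20T12:00:02 ssh 192.0.2.44 user=root result=fail
2023-09-20T12:00:03 ssh 192.0.2.44 user=root result=fail
"""

def detect_bruteforce(log_text, threshold=4, window=timedelta(seconds=60)):
    """Return {(service, source_ip): verdict} for sources that reach
    `threshold` failed logins inside `window`. Verdict is 'compromised'
    if a login succeeds while that burst is still inside the window,
    otherwise 'bruteforce'."""
    recent = defaultdict(deque)   # (service, ip) -> timestamps of recent failures
    verdicts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue              # skip malformed lines
        ts_raw, service, ip, _user, result = parts
        ts = datetime.fromisoformat(ts_raw)
        key = (service, ip)
        fails = recent[key]
        # Drop failures that have aged out of the sliding window.
        while fails and ts - fails[0] > window:
            fails.popleft()
        if result == "result=fail":
            fails.append(ts)
            if len(fails) >= threshold:
                verdicts.setdefault(key, "bruteforce")
        elif result == "result=ok" and len(fails) >= threshold:
            verdicts[key] = "compromised"
    return verdicts

if __name__ == "__main__":
    for (service, ip), verdict in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{service:6} {ip:15} {verdict}")
```

A single failed login followed much later by a success, as with the constructed 198.51.100.9 entries, is not flagged, which keeps an owner who mistyped a password out of the results.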
The services range in price from $63.50 per day to $1 340 per month. A small price to pay to disrupt a host of internet services and potentially hold them to ransom.
For those of us at home, though, this could mean that a router or internet camera that uses a basic password, or even the default password, which you can find online incredibly easily, could form part of a botnet.
The trouble is that many people don’t change the password on their new smart camera or other new smart home tech. This is incredibly dangerous because, aside from your tech being used to knock out internet services, it could be a route into your home.
A NAS connected to the internet, for example, could be compromised if not properly secured. From there, a hacker could compromise a piece of IoT tech to gain access to your work notebook when you’re working from home.
While it’s easy to blame the user here, the fact is that technology is tricky and the average buyer isn’t going to consider themselves a target for cybercrime. The firms producing the technology, however, need to do better.
“Kaspersky urges vendors to prioritise cybersecurity in both consumer and industrial IoT devices. We believe that they must make changing default passwords on IoT devices mandatory and consistently release patches to fix vulnerabilities. In a nutshell, the IoT world is filled with cyber dangers, including DDoS attacks, ransomware, and security issues in both smart home and industrial devices. Kaspersky’s report stresses the need for a responsible approach to IoT security, obliging vendors to enhance product security from the get-go and proactively protect users,” says security expert at Kaspersky, Yaroslav Shmelev.
That point about patches to fix vulnerabilities is hugely important, but it also needs to be easy. Even as somebody immersed in technology every day, I’d be lying if I said I regularly updated the firmware on my router. In fact, I’m not even sure the manufacturer still supports and provides updates for the router I use.
And this problem is only going to get worse as more connected fridges and smart cameras come online.
With so much of our economy, lives, and communication relying on the internet, we’d all do well to safeguard it against massive disruptions caused by DDoS attacks that use our smart air fryers.