One of the biggest stories of the year is the Mirai botnet. Indeed, it is a big deal in both the security and Internet of Things (IoT) sectors. Mirai, malware that plants itself on poorly secured or unsecured IoT devices, was responsible this fall for a major internet brownout and even took down a country (Liberia), though that was not quite as big an accomplishment as it seems.
The bad news is that Mirai hasn’t gone away. In fact, it seems to have burrowed itself more deeply into the internet. This week, Flashpoint reported that a new Mirai variant had “involvement” in a recent Deutsche Telekom outage. The firm provides technical background on its suspicions and says that the infected devices were found in Germany, Brazil and the United Kingdom.
One of the scarier elements of Flashpoint’s announcement is the reality that Mirai is changing – and no doubt in a way that its progenitors likely think makes it more dangerous:
While the original Mirai propagated over TCP/23 (Telnet) and TCP/2323 and leveraged default usernames and passwords, this new variant of Mirai utilizes the TR-064 and TR-069 protocols over port 7547 and exploits a known vulnerability to gain control of devices.
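The three ports named in that quote (TCP/23, TCP/2323 and TCP/7547) are the first thing a defender can watch for at the network edge. The following is an added example, not code from the article or from Flashpoint: a small Python script that parses constructed firewall log lines in a simple key=value format (an assumed format, not any vendor's), flags inbound TCP connections to those ports, and lists sources that touched several distinct hosts, which is the sweep pattern a self-propagating worm produces. The sample lines and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Ports the Flashpoint quote names as Mirai propagation vectors.
MIRAI_PORTS = {
    23: "Telnet (original Mirai)",
    2323: "Telnet alternate (original Mirai)",
    7547: "TR-064/TR-069 CWMP (new variant)",
}

# Constructed sample lines in an assumed key=value firewall format (not real logs).
SAMPLE_LOG = """\
2016-11-28T10:01:02Z src=203.0.113.5 dst=192.0.2.10 dport=7547 proto=tcp action=allow
2016-11-28T10:01:03Z src=203.0.113.5 dst=192.0.2.11 dport=7547 proto=tcp action=allow
2016-11-28T10:01:04Z src=203.0.113.5 dst=192.0.2.12 dport=7547 proto=tcp action=deny
2016-11-28T10:02:00Z src=198.51.100.7 dst=192.0.2.10 dport=443 proto=tcp action=allow
2016-11-28T10:02:30Z src=198.51.100.9 dst=192.0.2.20 dport=23 proto=tcp action=allow
2016-11-28T10:02:31Z src=198.51.100.9 dst=192.0.2.21 dport=2323 proto=tcp action=allow
2016-11-28T10:03:00Z src=192.0.2.30 dst=192.0.2.31 dport=22 proto=tcp action=allow
this line is malformed and should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) action=(?P<action>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything we cannot parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def find_mirai_port_hits(log_text):
    """Every TCP connection attempt to a Mirai propagation port, allowed or denied.

    A denied attempt still tells you a host was probed, so it is kept."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp":
            continue
        label = MIRAI_PORTS.get(rec["dport"])
        if label:
            hits.append({**rec, "reason": label})
    return hits


def find_scanners(hits, min_targets=2):
    """Sources that touched at least min_targets distinct hosts on Mirai ports.

    One connection may be a legitimate admin; a sweep across hosts is the
    signature of a worm looking for its next victim."""
    targets = defaultdict(set)
    for h in hits:
        targets[h["src"]].add(h["dst"])
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


if __name__ == "__main__":
    hits = find_mirai_port_hits(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["src"]} -> {h["dst"]}:{h["dport"]} ({h["reason"]}, {h["action"]})')
    print("likely scanners (src: distinct targets):", find_scanners(hits))
```

On the constructed sample this reports five hits and two scanning sources: 203.0.113.5 sweeping TCP/7547 across three hosts and 198.51.100.9 trying Telnet ports on two. In a real deployment the same logic belongs in a SIEM rule keyed on inbound destination port, with TCP/7547 in particular blocked from the internet on any CPE that does not need remote management.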
It gets worse. CSO Online today reported that the source code for Mirai, which is the equivalent of the blueprints for a house, was released on Hackforums. The malware so far has reached 164 countries.
The interesting report quotes the message the poster at Hackforums left and says that researchers have found that it is programmed to avoid searching for vulnerable devices at institutions such as the U.S. Post Office, GE, the Department of Defense, HP and the Internet Assigned Numbers Authority (IANA). No possible reason was offered for avoiding those sites. There are signs of Russian involvement, according to the story.
Along the same lines, Bleeping Computer reports that two hackers claim to have control of a 400,000-device botnet. It is available, like a timeshare, for rental.
There is a tremendous amount of uncertainty in the hazy world of hacking. Malware with one name – in this case, Mirai – generally consists of families with different characteristics. Claims, such as the availability of botnets for rental, can’t be confirmed. It’s a shady world for a reason: The people involved in it are criminals.
That said, there is a lot to be afraid of. The scariest element is that Mirai relies on consumer IoT devices. People in general show little interest in taking even the most rudimentary security steps, such as changing passwords. The number of such devices is exploding. The formula is smart: ambitious criminals, a careless public, and proliferating paths of attack. That should be enough to frighten anyone.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via Twitter at @DailyMusicBrk.