Page 66 - Cyber Warnings







Mirai Botnet


A Sign of DDoS to Come
by Charles Parker, II; InfoSec Architect


Attackers are always looking for new and novel methods of attack. These may initially be
difficult to defend against, because they are new to the environment.

Of the recent attacks, Mirai has been a major contributor to the malware business.

This has created quite a stir in the market. Mirai was coded to target embedded systems and
IoT devices, using them both to spread the malware and as attack tools. The malware is
notable in that it produced the largest DDoS attacks recorded to this point.

This has proven to be a rather significant issue for those affected, even with DDoS
protection from third-party vendors in place.

Targets
The Mirai attack does not have a specific set of targets in mind. The bot army is directed at
a given target for any number of reasons, depending on the person or entity.
Each time the bots are rented, a specific target is chosen.

Previously publicized targets have included Krebs on Security (620 Gbps), Deutsche Telekom,
KCOM, Irish telco Eir, the French internet provider OVH (1.1 Tbps), Dyn, and others.

Method of Attack
The attack has evolved over time. Initially, Mirai utilized routers manufactured by the
Taiwanese company ZyXEL.

This particular router exposed a vulnerability on port 7547, a maintenance interface that uses
the TR-064 and TR-069 protocols.

Once the router is exploited, an unauthorized third party may access and alter its LAN
configuration, and the router becomes part of the bot army.
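
An added example, not part of the original article: a defender can review perimeter firewall logs for devices that accept connections to port 7547 from anything other than their own management server. The log lines, the FW-ACCEPT/FW-DROP prefixes and the allowlisted server address are constructed assumptions.

```python
import re
from collections import defaultdict

TR069_PORT = "7547"            # maintenance port named in the article
ACS_ALLOWLIST = {"10.20.0.5"}  # assumed management server allowed to reach it

# Constructed sample lines in an iptables-style key=value layout.
# The FW-ACCEPT / FW-DROP prefixes and all addresses are assumptions.
SAMPLE_LOG = """\
Mar  1 10:00:01 gw kernel: FW-ACCEPT IN=wan0 SRC=203.0.113.5 DST=10.20.1.10 PROTO=TCP SPT=40112 DPT=7547
Mar  1 10:00:02 gw kernel: FW-ACCEPT IN=wan0 SRC=198.51.100.77 DST=10.20.1.10 PROTO=TCP SPT=51820 DPT=7547
Mar  1 10:00:03 gw kernel: FW-DROP IN=wan0 SRC=203.0.113.5 DST=10.20.1.11 PROTO=TCP SPT=40113 DPT=7547
Mar  1 10:00:04 gw kernel: FW-ACCEPT IN=mgmt0 SRC=10.20.0.5 DST=10.20.1.11 PROTO=TCP SPT=33000 DPT=7547
Mar  1 10:00:05 gw kernel: FW-ACCEPT IN=wan0 SRC=203.0.113.5 DST=10.20.1.12 PROTO=TCP SPT=40114 DPT=443
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")
ACTION = re.compile(r"\bFW-(ACCEPT|DROP)\b")

def audit(log_text, acs_allowlist=ACS_ALLOWLIST):
    """Per device, count non-allowlisted connections to 7547/tcp that were accepted or dropped."""
    report = defaultdict(lambda: {"exposed": 0, "blocked": 0, "sources": set()})
    for line in log_text.splitlines():
        action = ACTION.search(line)
        rec = dict(FIELD.findall(line))
        # TR-064 and TR-069 are HTTP-based, so only TCP traffic to the port matters.
        if not action or rec.get("PROTO") != "TCP" or rec.get("DPT") != TR069_PORT:
            continue
        src, dst = rec.get("SRC"), rec.get("DST")
        if not src or not dst or src in acs_allowlist:
            continue  # malformed line, or expected management traffic
        entry = report[dst]
        entry["exposed" if action.group(1) == "ACCEPT" else "blocked"] += 1
        entry["sources"].add(src)
    return dict(report)

def exposed_devices(report):
    """Devices that accepted at least one connection from a non-allowlisted source."""
    return sorted(dev for dev, entry in report.items() if entry["exposed"])

if __name__ == "__main__":
    rep = audit(SAMPLE_LOG)
    for dev in sorted(rep):
        print(dev, rep[dev]["exposed"], rep[dev]["blocked"], sorted(rep[dev]["sources"]))
    print("reachable on 7547:", exposed_devices(rep))
```

Devices listed as exposed are the ones to prioritise: the perimeter let the connection through, so the maintenance interface is reachable from outside the management network.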

Originally they began with 200K bots. Now, there are over 400K bots to carry out the attacks.
As many as 5M routers could be vulnerable to this exploit. These bots have
a minimum rental period of two weeks.

For the person renting the destructive bots, the number of bots and the duration drive the cost. The
attack may be extended, as the malware has been coded to spoof each individual bot’s IP address.



66 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
