What is the Mirai botnet?

Mirai botnet: King of IoT malware

The Mirai malware is particularly fond of infecting IoT devices and uses them to build up its botnet. The Mirai botnet is so widespread and so dangerous that it has been vehemently defending the title of “King of IoT Malware” for several years.

The danger posed by this (Linux) malware is particularly high for companies. Why? Read on to find out.

Smart devices are infected and integrated into the Mirai botnet. Image: Unsplash / Jonas Leupe

IoT devices are an easy target

It is estimated that 20.4 billion devices will be connected to the Internet by the end of 2020. Cybercriminals are thus offered an ever more extensive range of systems that they can misuse for their own purposes. Devices such as routers, cameras, smart TVs, smart watches and smart toys that are part of the Internet of Things (IoT) are often an easy target.

The problem: With many IoT products - but especially with the cheaper ones - cybersecurity is neglected. Hackers take advantage of exactly this and search the World Wide Web specifically for poorly protected IoT devices that have an active connection to the Internet in order to infect them with malware.

And they are not satisfied with that. The criminals also use the infected devices as bots in their botnet. One of the most notorious of these botnets is the Mirai botnet.

What is the Mirai botnet?

Mirai is the Japanese word for future. In this case, it refers to malware that specifically searches the Internet for IoT devices with ARC processors. These processors run a stripped-down version of the Linux operating system, which is actually considered to be very secure. The malware infects the devices and, according to information from the BSI, forces them to report to a command and control server. As a result, the devices are integrated into a botnet and can from then on be controlled remotely.

The Mirai botnet was founded in 2016 by MalwareMustDie. In the same year, it caused one of the largest DDoS attacks of all time. Back then, in October 2016, the Mirai malware was already dormant on countless IoT devices. Then the bots were activated. A massive DDoS attack was then directed against the Internet service provider Dyn. Some sources say that tens of millions of IP addresses were involved in the attack.

The extent of the attack was evident across the board, as the service provider's customers included Twitter, Netflix, Spotify and PayPal. As a result, they were also affected by the attack and could not be reached at times.

Mirai botnet is still active

This case shows: Although the Mirai malware primarily infects devices in home networks around the world, the Mirai botnet is aimed more at companies and even major corporations around the world. So far there is still no remedy for Mirai. This is mainly due to the fact that the source code of the malware was published in various hacker forums as early as 2016 and many hackers tinker with it.

Accordingly, new Mirai variants with new functions keep springing up. One of these functions is that swarms of infected devices are also misused for cryptomining. Attackers use the infected hardware to mine cryptocurrencies. It is also said that Mirai is no longer limited to Linux systems, but can also infect Windows systems.

So it is to be expected that Mirai would have to give up the title of “King of IoT Malware” in the near future. Variety is, and for the time being remains, its trump card. In addition, there is the steadily growing number of smart, unfortunately often insecure devices. The abundance of these devices ensures that the operators of botnets live in clover, so to speak.

The Mirai botnet specifically targets companies. Image: Unsplash / Pietro Jeng

New danger from home office?

The masterminds behind the botnets are infecting more and more IoT devices in order to expand their networks and use them to run DDoS attacks, as has been increasingly evident since the beginning of 2019. In the course of the Corona crisis, there has been another massive increase in Mirai-based variants from March 2020. Apparently, the cybercriminals took advantage of the chaos to expand their activities.

On the one hand, it plays into their hands that smart devices are no longer only used in private environments, but are also increasingly being used in companies. On the other hand, the widespread move to the home office has created more attack surface. Why?

Many companies have had to make the home office possible overnight. Especially with remote access to the company network, however, they have often not been able to implement IT security by the book. This opens up devastating prospects: Mirai could infect smart home devices in the home network and use them to gain access to the company network.

How to protect yourself from the Mirai botnet

At this point you may be wondering how you can protect your company from the Mirai botnet. If you implement the following five tips, you will already have gained a lot:

  • Make sure that the firmware of your IoT devices is always up to date by constantly keeping an eye on the manufacturers' update releases. Install the updates right away to fix newly discovered - and publicly known - vulnerabilities immediately.
  • Use a virtual private network (VPN) for remote access from the home office to prevent important interfaces of your company network from being directly exposed to the Internet.
  • By implementing the concept of network segmentation in your company, you ensure that infections cannot spread uncontrollably.
  • Rely on protection by a firewall combined with a monitoring and detection system for network traffic. This allows anomalies to be detected early on and proactive measures to be taken to protect interfaces and access points that are reachable online.
  • Install a layered protection system that can detect, block and prevent threats such as brute force attacks.

You are not an IT expert and therefore cannot do much with the tips mentioned? Unfortunately, a lack of specialist knowledge is no excuse for simply remaining inactive. Better to get a professional by your side!

IT professionals don't just protect IoT devices

IT experts with broad specialist knowledge - for example the experts from IT-SERVICE.NETWORK - support you in implementing IT security in all its facets. It starts with them putting the implementation of home office in your company to the test with a comprehensive network analysis. In doing so, they also evaluate whether the aforementioned tips have been adequately implemented.

If this is not the case, our experts will be happy to develop a complete IT security concept for your company network on your behalf and ensure that the actors behind malware such as Mirai are not left even the smallest loophole. Are you curious and want to find out more about our comprehensive IT services for everything to do with IT security? Then don't hesitate and get in touch with our experts in your area.

Janina Kroeger

Janina Kröger has been responsible for the IT-SERVICE.NETWORK blog since the beginning of 2019. New IT trends? Important business news? A graduate in German studies and trained editor, she not only keeps an eye on what is happening on the IT market, but also knows how to present the IT knowledge of IT-SERVICE.NETWORK in an understandable way.