Since its emergence in 2016, the Mirai botnet has been a significant concern for cybersecurity professionals worldwide. Today it remains at the forefront of distributed denial-of-service (DDoS) threats.
Corero cybersecurity engineer Huy Nguyen aids the understanding of why Mirai continues to be so prominent, through his report, titled “Mirai and Its Common Attack Methods.” The report uncovers the evolving nature of Mirai malware, demonstrating its adaptive nature and most current usage techniques by examining some of the variants included in the code.
A persistent threat
An important take-home of his report is that whilst only a handful of vectors have been added to the Mirai code in recent times, it keeps breaking records for the biggest DDoS attacks. Its attack methods are still effective, with even the old vectors being problematic enough to cause severe damage.
So, the ongoing success of the Mirai code and its ability to continue to increase the magnitude of attacks, can be attributed not just to the sophistication of the code set, but to the growth of smart devices. These devices, combined with end-of-life devices for which vendors cease to provide security updates, mean the potential supply of vulnerable devices seems almost endless and the potential size of DDoS ever-expanding.
Mirai variants make use of exploits to target IoT devices, turning them into zombies, building the huge botnets used to instigate a good portion of the record-breaking DDoS attacks we continue to hear reported in the news.
The report highlights and demonstrates the ease at which botnets can be built with a few commands and minimal knowledge to the extent that the Mirai author even provides a setup guide to aid those lacking more sophisticated technical skillsets.
The report provides examples of the common attack methods, explains technically how they operate and what their main technical objectives usually are. Vectors such as UDP floods, TCP SYN floods, GRE attack vectors, and Layer 7 HTTP and DNS are covered.
Attack methods
Many of the attack methods included blur the lines between legitimate and malicious traffic by crafting packets which when looked at in isolation bare little to no difference to legitimate packets.
While blocking these attacks is feasible, the challenge lies in filtering out the harmful traffic without inadvertently obstructing legitimate traffic. To do this requires solutions, techniques, resources, and time. Blocking attacks without doing harm to legitimate traffic is essential to keeping services stable and business running.
Challenges and mitigation
Huy Nguyen, the report’s author, emphasizes the need for vigilance. “The Mirai botnet’s capabilities serve as a stark reminder of the importance of robust cybersecurity practices. Both individuals and organizations must prioritize securing their devices to mitigate the risks posed by such threats.”
This research serves as a resource for cybersecurity professionals, offering in-depth insights and actionable recommendations to counter the growing threat posed by Mirai and similar botnets.
