Enterprises Beware: Variations on the Mirai Malware Still Feeding DDoS Attacks

The Mirai malware first attracted public attention in October 2016, when it was used to launch the notorious and massive botnet-driven distributed denial of service (DDoS) attacks against Brian Krebs’ blog and Dyn’s DNS infrastructure. Since then, the Mirai code has been unleashed freely on the Dark Web and has been modified and reused for a variety of other malware attacks. Now, TechTarget reports that researchers at Palo Alto Networks have discovered another new variant of the Mirai malware that is “going after wireless presentation and display systems, indicating a potential shift in using Mirai to target enterprises.” Researchers found that “In addition to scanning for vulnerable devices, the new Mirai variant can also be commanded to send out HTTP flood DDoS attacks.”

IoT-Driven DDoS Attacks

However, even if enterprises take steps to protect their physical assets from being harnessed by Mirai malware, this does not protect them from becoming the target of a damaging DDoS attack. The denial of service risk persists regardless of whether they secure their own devices. At the heart of the problem is the fact that there are billions of other IoT-connected devices around the world that are not secured and can therefore be recruited by cybercriminals into botnets that hurl DDoS attacks at their targets, almost indiscriminately. No unprotected network is safe; enterprises can’t afford to be lax or lenient when it comes to DDoS protection.

The vast majority of DDoS victims are impacted by sub-saturating, low-level attacks, which are no less dangerous than their massive headline-grabbing cousins, especially as they more typically go undetected. These smaller attacks can degrade network, server, and application performance and even mask other nefarious activity, including mapping a network for its vulnerabilities to wreak further damage in the future. The easiest way for enterprises to avoid being impacted by attacks directed at them is to use a Managed Security Service Provider, Hosting Provider or Internet Service Provider that offers the latest generation of real-time DDoS Protection as a Service (DPaaS).

The Shifting DDoS Threat Landscape

This latest incarnation of the Mirai code is no surprise. Malware marches on. As with cyber threats in general, the DDoS landscape is constantly shifting, requiring constant vigilance and automated DDoS defense systems. Effective DDoS protection requires continuous visibility into the threats, with real-time mitigation as well as long-term trend analysis, to identify changes in the DDoS landscape and deliver proactive detection and mitigation.

For over a decade, Corero has been providing state-of-the-art, highly-effective, automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world.

Sean Newman is VP Product Management, responsible for Corero’s product strategy. Sean brings over 25 years of experience in the security and networking industry to guide Corero’s growing leadership in the real-time DDoS protection market. Prior to joining Corero, Sean’s roles included network security Global Product Manager for Cisco, which he joined as part of its acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.