Name | Mirai Botnet |
Additional Names | Okiru, Satori, Masuta and PureMasuta |
Type of Malware | Worm |
Location – Country of Origin | United States (New Jersey) |
Date of initial activity | 2016 |
Associated Groups | Paras Jha, an undergraduate at Rutgers |
Motivation | The initial goal of the Mirai worm was to attack his own university’s systems to convince them to hire him to mitigate those attacks. It was also used to make money in the Minecraft game. It is malware that turns computer systems running Linux into remotely controlled “bots”. |
Attack Vectors | DDoS botnet attack |
Targeted System | Internet of Things (IoT) devices |
Overview
The Mirai worm infected hundreds of thousands of internet-connected IoT devices. Created by college students initially looking to cheat a game, it produced the largest sustained distributed denial of service attack the internet has ever seen. Using a table of over sixty factory default login credentials, the malware scans for IoT devices and infects them so that a central set of command and control (C&C) servers can direct them to launch DDoS attacks. Mirai is especially damaging because even if an infected device is rebooted, it will be reinfected within minutes unless the default password is changed immediately.
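Because the infection path described above depends on unchanged factory credentials, a defender can audit a device inventory for them. The following Python sketch is an added example, not code from the original page: the inventory layout, the PBKDF2 storage format, the device names and the short default list are all constructed assumptions, and the list is not the table Mirai carries.

```python
import hashlib
import hmac
import os

# Constructed sample of factory-default pairs; NOT the table Mirai carries.
DEFAULT_PAIRS = [("admin", "admin"), ("root", "root"), ("root", "12345"),
                 ("admin", "password"), ("user", "user")]
ITERATIONS = 10_000  # assumed KDF cost used by the hypothetical inventory

def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256, the format assumed for stored credentials."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(device, user, password, exposed):
    """Build a constructed inventory row (salted hash, no plaintext kept)."""
    salt = os.urandom(16)
    return {"device": device, "user": user, "salt": salt,
            "pw_hash": hash_password(password, salt), "exposed": exposed}

def audit(inventory, defaults=DEFAULT_PAIRS):
    """Return devices whose stored credential matches a factory default.

    Internet-exposed devices sort first: per the text, a rebooted device
    that keeps its default password is reinfected within minutes.
    """
    findings = []
    for row in inventory:
        for user, password in defaults:
            if row["user"] != user:
                continue
            candidate = hash_password(password, row["salt"])
            if hmac.compare_digest(candidate, row["pw_hash"]):
                findings.append({"device": row["device"], "user": user,
                                 "exposed": row["exposed"]})
                break
    return sorted(findings, key=lambda f: (not f["exposed"], f["device"]))

# Constructed inventory for illustration only.
INVENTORY = [
    make_record("cam-lobby", "admin", "admin", exposed=True),
    make_record("dvr-01", "root", "12345", exposed=False),
    make_record("router-edge", "admin", "T7#kz!Qp94vL", exposed=True),
    make_record("cam-dock", "root", "root", exposed=True),
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

Devices returned first are the ones to re-credential before they are rebooted or reconnected.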
Targets
Smart devices that run on ARC processors.
Tools / Techniques Used
Botnet.
Impact / Significant Attacks
A significant Mirai attack was the attack on Dyn, a cloud-based internet performance management company. The attack overwhelmed sites it served, such as Amazon, Netflix, PayPal, The New York Times, and Verizon. Around 8% of the web domains relying on Dyn’s managed DNS service dropped the service in the immediate aftermath of the attack. Approximately 14,500 web domains that used Dyn’s managed Domain Name System services prior to the Mirai attack stopped using them immediately following the attack.