Someone is Using Mirai Botnet to Shut Down Internet for an Entire Country

http://thehackernews.com/2016/11/ddos-attack-mirai-botnet.html?m=1

The Mirai botnet has now been used to attack the Internet connection of an entire country in Africa.

5 Comments

  1. Tomi Engdahl says:

    Criminals Trying to Take an Entire Country Offline with Massive DDoS Attacks – Testing Cyber Weapons?
    http://wccftech.com/massive-cyber-attack-entire-country-offline/

    Cyber criminals are now using Mirai malware to take down the entire internet infrastructure of Liberia. The African nation was targeted by the same cyber weapon that caused the largest ever cyber attack in history, just two weeks ago.

    Security experts had warned that the October DDoS attack was just a start of an expected onslaught of upcoming cyber attacks – of even larger scale. They believe that future DDoS attacks could reach 10 Tbps of traffic, enough to take down the internet infrastructure of an entire country.

    Is cyber attack on Liberia a test case?

    Using this malware, someone is now trying to take down internet access of an entire country by launching massive DDoS attacks. Criminals have been using the same weapon over the past seven days in the continued attacks on Liberia, 500 Gbps in size. Not as large as the October cyber attack, but still among the largest.

    Another Mirai botnet, known as Botnet 14, began intermittent attacks on the two Liberian companies that co-own the only fiber cable coming into the country, sending it almost entirely offline with each attack.

    “Transit providers confirm over 500gbit/Sec of traffic is output during attacks. Attacks last a short period. It is the largest of the Mirai botnets and the domain controlling it pre-dates the attacks on Dyn,” security expert Kevin Beaumont said.

    “The capacity makes it one of the biggest DDoS botnets ever seen. Given the volume of traffic, it appears to be owned by the actor which attacked Dyn.”

  2. Tomi Engdahl says:

    “Shadows Kill” — Mirai DDoS botnet testing large scale attacks, sending threatening messages about UK and attacking researchers
    https://medium.com/@networksecurity/shadows-kill-mirai-ddos-botnet-testing-large-scale-attacks-sending-threatening-messages-about-6a61553d1c7#.qopytu6hz

    Mirai, a Denial of Service toolkit, is made up of lots of actors across botnets. The source code is open source, meaning anybody can download it and join the club.

    After the historic DDoS attack which downed Dyn, in turn impacting DNS services to a very large number of websites, MalwareTech.com set up monitoring of Mirai botnets — introducing honeypots to monitor attack traffic.

    Many of the botnets are simply attacking Minecraft servers and doing technically terrible attacks on websites, e.g. a Farming Simulator game mod site.

    We have seen a botnet called #14 attack significantly bigger targets. With monitoring it is clear they are extremely successful at attacking things. So far, these tests appear to be of a test nature.

    Transit providers confirm over 500gbit/sec of traffic is output during attacks. Attacks last a short period. It is the largest of the Mirai botnets and the domain controlling it pre-dates the attacks on Dyn.

    Liberia

    Over the past week we’ve seen continued short duration attacks on infrastructure in the nation of Liberia. Liberia has one internet cable, installed in 2011, which provides a single point of failure for internet access.

    Shadows Kill botnet

    Last night, while tweeting about the attacks, the botnet started sending messages

    As of 1PM today UK time, the botnet continues to intermittently attack Liberia telecom providers who co-own the submarine cable.

  3. Tomi Engdahl says:

    DDoS attack from Mirai malware ‘killing business’ in Liberia
    The DDoS attacks come from the same malware responsible for last month’s disruptions in the US
    http://www.pcworld.com/article/3138631/security/ddos-attack-from-mirai-malware-killing-business-in-liberia.html

    The malware behind last month’s massive internet disruption in the U.S. is targeting Liberia with financially devastating results.

    This week, a botnet powered by the Mirai malware has been launching distributed denial-of-service (DDoS) attacks on IP addresses in the African country, according to security researchers.

    These attacks are the same kind that briefly disrupted internet access across the U.S. almost two weeks ago. They work by flooding internet connections with too much traffic, effectively forcing the services offline.

    On Thursday, an employee with one Liberian mobile service provider said the attacks were taking a toll.

    “The DDoS is killing our business,” he said over the phone. “We have a challenge with the DDoS. We are hoping someone can stop it.”

    “It’s killing our revenue. Our business has been targeted frequently,” he said.

  4. Tomi Engdahl says:

    German ISP Confirms Malware Attacks Caused Disruptions
    http://www.securityweek.com/german-isp-confirms-malware-attacks-caused-disruptions

    German telecommunications giant Deutsche Telekom has confirmed that more than 900,000 of its 20 million fixed-line network customers experienced Internet disruptions due to malware attacks on their routers.

    In a press statement released on Monday, Deutsche Telekom said malicious actors had been trying to infect routers with malware, but the attempts failed, which led to 4-5 percent of devices crashing and preventing owners from going online.

    Since the malware only resides in the router’s memory, customers have been advised to reboot their devices in order to clean the infection. Deutsche Telekom has also released a firmware update that should prevent infections on its Speedport routers.

    Germany’s Federal Office for Information Security (BSI) reported that some government networks protected by the organization were also targeted in attacks. These attacks were mitigated by the existing protection mechanisms, the BSI said.

    Attacks have been observed in several countries. Researchers determined that a piece of malware based on Mirai, whose source code was leaked recently, has been using port 7547 to hijack routers and modems.

  5. Tomi Engdahl says:

    Firm Responsible For Mirai-Infected Webcams Hires Software Firm To Make Its Products More Secure
    https://it.slashdot.org/story/17/06/16/2151221/firm-responsible-for-mirai-infected-webcams-hires-software-firm-to-make-its-products-more-secure

    After seeding the globe with hackable DVRs and webcams, Zhejiang Dahua Technology Co., Ltd. of Hangzhou, China will be working with the U.S. firm Synopsys to “enhance the security of its Internet of Things (IoT) devices and solutions.” Dahua, based in Hangzhou, China said it will work with Mountain View based Synopsys to “enhance the security of its Internet of Things (IoT) devices and solutions.” In a joint statement, the companies said Dahua will be adopting secure “software development life cycle (SDLC) and supply chain” practices using Synopsys technologies in an effort to reduce the number of “vulnerabilities that can jeopardize our products,”

    Firm That Made Mirai-Infected Webcams Gets Security Religion
    https://securityledger.com/2017/06/firm-that-made-mirai-infected-webcams-gets-security-religion/

    In-brief: After seeding the globe with hackable DVRs and webcams, Zhejiang Dahua Technology Co., Ltd. of Hangzhou, China will be working with the U.S. firm Synopsys to “enhance the security of its Internet of Things (IoT) devices and solutions.”

    The surveillance camera maker whose name became synonymous with insecure, connected devices after its cameras formed the backbone of the Mirai botnet has hired a top secure software development and testing firm to make its products less prone to hacking.

    Dahua’s cameras and digital video recorders (DVRs) figured prominently in the Mirai botnet, which launched massive denial of service attacks against websites in Europe and the U.S., including the French web hosting firm OVH, security news site Krebsonsecurity.com and the New Hampshire based managed DNS provider Dyn. Cybercriminals behind the botnet apparently exploited an overflow vulnerability in the web interface for cameras and DVRs to gain access to the underlying Linux operating system and install the Mirai software, according to research by the firm Level3.
