The Mirai Botnet Returns, But Don’t Panic

Unless You’re Stupid. Then Panic.

Six years ago, the Mirai botnet took down pretty much everything that represents the internet to most people. Twitter, Reddit, Netflix and even the “Krebs on Security” network were hit. It was the first malware attack that made cybersecurity awareness commonplace. Since that initial attack, defences against the malware have increased, but so have the variants.

Last November, AT&T Alien Labs researchers discovered a new variant in the wild called BotenaGo with dozens of vulnerabilities targeting the most popular Internet of Things (IoT) devices and routers. In late January an Akamai researcher found a variant targeting the Log4j vulnerability in ZyXEL networking devices. To date, however, there have been no significant successful attacks against any organization or person.

That last word is significant. BotenaGo identifies, infects and controls devices belonging to specific people. So, the good news is that most people will not be the target of BotenaGo attacks. The bad news is that doesn’t mean you are safe, especially if you refuse to follow basic cyber hygiene.

Mirai history

The malware was created by Paras Jha of New Jersey, who pleaded guilty in 2017 to creating the Mirai botnet. He used the malware to conduct DDoS attacks, flooding corporate networks with junk traffic from more than 300,000 infected web-connected devices. He also demanded payment in exchange for halting the attacks. In 2018, Jha and two other conspirators were convicted of ad click fraud. They paid $8.2 million in damages and were put under house arrest for six months.

Jha also ran a protection racket through a shell company, Protraf Solutions LLC, which charged customers up to $3,000 a month to protect them from Mirai attacks that he launched against them and cybersecurity rivals.

Variants abound

The Mirai code was uploaded to the Dark Web while Jha was still operating, and to GitHub a few years ago. That allowed both researchers and criminals to experiment with the code and develop variants focused on specific targets and vulnerabilities.

As long as consumers remain unwilling to regularly patch their devices, attackers will continue to find security vulnerabilities.

“What is dangerous about Mirai is that it is now widely available to any hacker or malware guy looking to add his own twist,” said Martin West, the CISO-for-hire at Harbor Networks. “It’s been around for a while and it is reported to have a low anti-virus detection rate. It’s not a big string of code, either, so the source code for this can be ideal for launching new variants and new malware strains. It is just very easy to use so every wannabe hacker will leverage it. Keep an eye on your public-facing devices!”

According to Joe Morin, Founder and CEO of Cyflare, in 2021 96% of major breaches had 3 or fewer related indicators, making them very hard to detect. “With propagation attacks such as Mirai, you have to sift through every connection, anomalous behaviour, and enable auto containment capabilities.”
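Morin's point about sifting every connection for anomalous behaviour is what a network detection rule for Mirai-style propagation actually does. The following is an added example, not code from the article, from Cyflare or from Harbor Networks. It assumes a constructed, simplified flow-log format (`<epoch_seconds> <src_ip> <dst_ip> <dst_port> <proto>`) and illustrative thresholds; the one fact it relies on is that Mirai and its descendants spread by sweeping other addresses for telnet on TCP 23 and 2323, so an internal host that suddenly contacts many distinct addresses on those ports in a short window is the signal worth containing.

```python
"""Flag hosts showing Mirai-style propagation scanning in connection logs.

Added example (not from the article, Cyflare or Harbor Networks).
Assumed, constructed flow-log line format:
    <epoch_seconds> <src_ip> <dst_ip> <dst_port> <proto>
Mirai variants propagate by scanning for telnet on TCP 23 and 2323; a
single source contacting many distinct destinations on those ports
inside a short window is the anomaly a defender watches for.
The window and threshold below are illustrative, not vendor values.
"""
from collections import defaultdict

TELNET_PORTS = {23, 2323}           # ports Mirai-family scanners sweep
WINDOW_SECONDS = 60                 # assumed detection window
DISTINCT_TARGET_THRESHOLD = 20      # assumed distinct-destination threshold


def parse_line(line):
    """Split one constructed flow-log line into typed fields."""
    ts, src, dst, port, proto = line.split()
    return int(ts), src, dst, int(port), proto.lower()


def find_scanners(lines, window=WINDOW_SECONDS, threshold=DISTINCT_TARGET_THRESHOLD):
    """Return {src_ip: max distinct telnet targets seen in any `window`}
    for every source that reaches `threshold` or more distinct targets."""
    events = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, proto = parse_line(line)
        if proto == "tcp" and port in TELNET_PORTS:
            events[src].append((ts, dst))

    flagged = {}
    for src, evs in events.items():
        evs.sort()                  # order by timestamp for the sliding window
        best, lo = 0, 0
        for hi in range(len(evs)):
            while evs[hi][0] - evs[lo][0] > window:
                lo += 1             # drop events that fell out of the window
            distinct = len({dst for _, dst in evs[lo:hi + 1]})
            best = max(best, distinct)
        if best >= threshold:
            flagged[src] = best
    return flagged


def containment_targets(flagged):
    """Hosts to quarantine, e.g. to push to a NAC or firewall block list."""
    return sorted(flagged)


def constructed_log():
    """Constructed sample traffic, not a capture from any real network."""
    lines = ["# constructed sample, not real traffic"]
    base = 1_700_000_000
    # Benign admin workstation: a few HTTPS flows and one telnet session to a switch.
    lines += [f"{base + i} 192.168.1.10 10.0.0.{i + 1} 443 tcp" for i in range(3)]
    lines.append(f"{base + 5} 192.168.1.10 10.0.0.250 23 tcp")
    # Infected camera sweeping 25 distinct addresses on 23/2323 within ~25 seconds.
    for i in range(25):
        port = 23 if i % 2 == 0 else 2323
        lines.append(f"{base + i} 192.168.1.50 203.0.113.{i + 1} {port} tcp")
    return lines


if __name__ == "__main__":
    hits = find_scanners(constructed_log())
    for host in containment_targets(hits):
        print(f"{host}: {hits[host]} distinct telnet targets within "
              f"{WINDOW_SECONDS}s -> isolate")
```

The benign workstation's single telnet session is not flagged, because the rule keys on the number of distinct destinations per window rather than on telnet use as such; that is what keeps a legitimate administrator out of the auto-containment path while the sweeping camera lands in it.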


Defenses are solid

It’s not all bad news. Security researchers are actively working to protect users and prevent these botnets from spreading. Using knowledge gained from Mirai and other botnets, they are able to stop their attacks and locate their creators.

Coming out of that research is a rich set of knowledge for both IT experts and lay users. For the latter, the Center for Internet Security (CIS) recommends:

  • Update IoT devices – Always keep IoT devices up to date to ensure there is less of a chance for infection.
  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date.
  • Your original passwords may be compromised. Change them as soon as possible.
  • Keep operating systems and application software up-to-date – Install software patches so that attackers cannot take advantage of known vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
  • Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection.

Tools are available

Even if you aren’t an expert, the CIS has a set of benchmarks for any sort of network configuration. A small business owner without an IT manager using those guidelines can keep a network safer, if not completely safe. Whole sets of tools are available to maintain your security without adding personnel.

John D. Flory III, Harbor Networks CTO, recommends Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) solutions for threat detection and response.
 
Companies like Harbor Networks can aggregate tools and services to provide security practices or enhance current personnel. They can help create custom incident response playbooks.

The bottom line is that there is little reason to worry if you take basic digital hygiene seriously. Beyond that, avoid the problem altogether, according to Morin, “Adopt a Zero Trust strategy to erase your public footprint and avoid the potential threat.”

Lou Covey

Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors and avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.
