Mirai botnets: What you need to know to tackle this IoT malware

Almost everyone reading this is familiar with last year’s massive distributed denial of service (DDoS) attack that brought down Internet infrastructure and management company Dyn. The attack led to outages at major Internet sites, including Netflix, Amazon, Reddit, and Twitter. In the days that followed, it was clear that this attack was orchestrated primarily using a form of Mirai malware that infected Internet of Things (IoT) devices.

But this was not the end of Mirai’s reign of terror. Mirai disrupted services for more than 900,000 Deutsche Telekom (DK) customers. And in total, more than 1.5 million devices were estimated to be infected with Mirai in the last few months, marking its presence on a global scale.

So, what exactly is Mirai?

Mirai is malware that infects systems running Linux and turns them into remotely controlled bots, forming a massive botnet that can attack and overwhelm even large-scale networks. Mirai primarily targets IoT-based consumer devices such as routers, industrial surveillance equipment, home CCTV cameras, and DVRs. Devices infected with Mirai can be remotely controlled by the originator and used to disrupt network systems via DDoS attacks.

Mirai targets IoT products because of the poor security on these devices. Many use default passwords and don’t come with any advanced security features, making them easy targets for attackers.

Is your device infected with Mirai?

When your computer, laptop, or mobile device is infected with malware, it exhibits immediate symptoms such as reduced performance, continual reboots, and abnormal functionality. However, this isn’t the case with IoT-based devices. These devices hardly show any symptoms even after being infected with malware such as Mirai.

Thankfully, there are a few online scanners, such as BullGuard, that can do the task for you. These products scan all the IoT-based devices on your network and identify malware.

Defending against Mirai

While a Mirai infection on a device can be mitigated, there is no way to avoid being targeted. Most of the time, Mirai malware can be cleaned from the device by simply restarting it. However, because the malware constantly scans for devices, all vulnerable devices can be re-infected quickly if proper security measures aren’t taken. To avoid being a victim of Mirai, you need to follow some safety measures. Here are some of them:

Secure your devices

You can lower the chance of being a target by changing the name of your IoT devices, creating a strong password, having proper backups, and capturing and analyzing network traffic.

Regularly analyzing all the IoT-based devices on your network is also an important measure.
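Because infected devices show few symptoms, traffic analysis is the practical way to spot one. The following is an added example, not part of the original article: it flags local devices that contact many distinct outside addresses on Telnet ports, which is the constant scanning described above. The log format, the LAN range, the threshold and the use of port 2323 alongside 23 are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

TELNET_PORTS = {23, 2323}   # assumption: 23 is Telnet, 2323 an alternate Telnet port
FANOUT_THRESHOLD = 20       # assumption: distinct destinations per window before alerting
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumption: your LAN range

def parse_flow(line):
    """Parse 'epoch src dst dport proto' (constructed format); None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = float(parts[0])
        src = ipaddress.ip_address(parts[1])
        dst = ipaddress.ip_address(parts[2])
        dport = int(parts[3])
    except ValueError:
        return None
    return ts, src, dst, dport, parts[4].lower()

def find_telnet_scanners(lines, threshold=FANOUT_THRESHOLD, window=60):
    """Return {source: peak distinct outside Telnet destinations in one window}."""
    targets = defaultdict(set)   # (source, time bucket) -> distinct destinations
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue             # skip lines that do not parse
        ts, src, dst, dport, proto = flow
        if proto != "tcp" or dport not in TELNET_PORTS:
            continue
        if src not in LOCAL_NET or dst in LOCAL_NET:
            continue             # only local device -> outside address counts
        targets[(src, int(ts // window))].add(dst)
    worst = defaultdict(int)
    for (src, _bucket), dsts in targets.items():
        worst[src] = max(worst[src], len(dsts))
    return {str(s): n for s, n in worst.items() if n >= threshold}

def sample_flows():
    """Constructed sample: one camera sweeping outside hosts, plus ordinary traffic."""
    flows = [f"1700000000.{i:02d} 192.168.1.50 203.0.113.{i} {23 if i % 10 else 2323} tcp"
             for i in range(1, 31)]
    flows += ["1700000001.00 192.168.1.10 198.51.100.7 443 tcp",
              "1700000002.00 192.168.1.10 192.168.1.50 23 tcp",  # LAN admin session
              "garbled line"]
    return flows
```

A device reported here should be restarted, given new credentials and have Telnet disabled before it is reconnected, since a restart alone leaves it open to re-infection.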

Disable Telnet login and start using SSH

Almost all devices vulnerable to Mirai’s attacks are Telnet-enabled. Although Telnet is a traditionally used network protocol, it is not very secure. Because Telnet is a plain-text network protocol, it is very easy for hackers or intruders to sniff your login credentials.

Instead, to remotely access your Linux accounts, it is advised to use SSH (Secure Shell), which is more secure. SSH features password authentication and guards against DNS and IP address spoofing.
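To confirm that Telnet is really off on a device you administer after making this change, you can check what answers on its ports. This is an added example, not part of the original article; the port list (including 2323 as an alternate Telnet port) and the function names are assumptions.

```python
import socket

IAC = 0xFF                          # Telnet "Interpret As Command" byte (RFC 854)
NEGOTIATION = {251, 252, 253, 254}  # WILL, WONT, DO, DONT

def classify_banner(data):
    """Label the first bytes a service sends after the TCP connection opens."""
    if len(data) >= 2 and data[0] == IAC and data[1] in NEGOTIATION:
        return "telnet"             # option negotiation: a Telnet daemon answered
    if data.startswith(b"SSH-"):
        return "ssh"                # SSH identification string (RFC 4253)
    if b"login:" in data.lower():
        return "telnet"             # bare login prompt from a minimal Telnet daemon
    return "unknown"

def read_banner(sock, timeout=2.0, limit=256):
    """Read up to `limit` bytes without sending anything; b'' if the peer is silent."""
    sock.settimeout(timeout)
    try:
        return sock.recv(limit)
    except OSError:                 # includes socket.timeout
        return b""

def audit_device(host, ports=(23, 2323, 22), timeout=2.0):
    """Return {port: 'closed' | 'telnet' | 'ssh' | 'unknown'} for one of your devices."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                results[port] = classify_banner(read_banner(sock, timeout))
        except OSError:
            results[port] = "closed"   # refused, filtered or unreachable
    return results

def needs_attention(results):
    """Ports where Telnet answered: the services still to be disabled."""
    return sorted(p for p, label in results.items() if label == "telnet")
```

Run `audit_device` against each address in your own device inventory; an empty list from `needs_attention` means no Telnet service answered on the checked ports.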

Keep your devices updated

No device is completely resistant to cyberattacks or malware. However, these devices get stronger and comparatively more difficult to infect if you keep them updated. Every update of a device is meant to fix an already existing issue and also to improve the overall performance of that particular device. It is your responsibility to check for these updates and make sure that all your devices are running on the latest version.

Use strong encryption standards

The better the encryption standards used, the tougher it will be for an intruder to break into your network. Encryption also gives service providers a competitive edge in satisfying privacy requirements. Encrypting IoT-based devices prevents them from being accessible to intruders.

Regularly change login credentials

Most IoT-based user devices are notorious for operating with the factory default user credentials. Mirai malware specifically uses a list of the default credentials known for an array of products to scan for unprotected devices, brute-forcing each scanned device with the entries on that list. Once any such device is found, it is added to the Mirai botnet. Therefore, make sure you change or update your login credentials regularly.

Also, it is advised to log in to your network router and whitelist all your personal devices to curb the chances of unknown devices getting connected to your network.

Everyone’s a target, even governments

It’s not just consumers who need to take proper preventive measures against Mirai. Governments must also take proper preventive measures, because they are increasingly becoming targets of IoT-based attacks. There were an estimated 6.4 billion IoT devices operating last year. By 2020, that number is expected to grow to nearly 21 billion. Obviously, it’s the right time to start securing these devices, networks, and ourselves to get ready for what will be more attacks in the future.
