The original Mirai botnet was released in 2016; it took control of many computers and wrought unprecedented damage on the Internet. It was designed by Paras Jha, who was an undergraduate at Rutgers at the time and who launched attacks on his own university to convince it to hire him to mitigate those attacks.
So Mirai was born, developed by Jha and his friends. Jha named it Mirai, Japanese for "the future". The first big wave of attacks came in September 2016 and was against the French host OVH. A few days later the code was posted online, which allowed copycats to use it and muddied the waters as to who was the first to use it.
How it works
These were very serious attacks which took over routers, IP cameras, DVRs, smart devices and almost anything connected to the Internet. The Internet of Things has a target on its face.
A botnet is more than a virus: it is a collection of devices and computers that spreads by infecting groups of computers and forces those computers to attack other computers or devices.
The inventors of Mirai were arrested and ultimately given probation. Unfortunately, the dangerous code was used by others to create a new Mirai which was even more powerful and dangerous.
The New Mirai
Security researchers at Palo Alto Networks found that Mirai has been created anew to attack on an even larger scale.
The original Mirai created a botnet of 500,000 Internet of Things devices and attacked services like Xbox and Spotify. It targeted DNS providers directly and brought down BBC and GitHub. Dyn, a DNS provider, was taken down by a DDoS attack, which works by flooding a target with massive amounts of Internet traffic and thereby bringing down the web site.
The new Mirai had 11 new exploits and a new list of default admin credentials to attack business hardware. This new phase will be even more dangerous and powerful because it can take over business hardware and commandeer networks. When it attacks enterprise networks, it gets access to larger bandwidth, which increases its power for DDoS attacks.
Botnets and DDoS attacks go together because botnets can spread malicious software through emails, websites and social media. The infected devices can then be controlled remotely without their owners' consent.
What can I do to protect myself
So how do you protect yourself from this menace? Since it uses default login credentials, your best line of defense is to ensure you have changed the default login credentials on your router and network. You can do this through your router login page or your web interface. You will need the default password for this unless you have changed it. Some default credentials are blank, and these need to be changed.
While you are on this page, you should always check your firmware and update it, if it needs updating. Do this for anything you have in your home or business.
Malware thrives on unpatched devices and your best defense is to make sure that your devices are protected. This new variant of Mirai targets new combinations of default usernames and passwords.
If you find that it's been years since your router's firmware was updated, and perhaps the company isn't supporting it anymore, consider buying a new device. Checking the manufacturer's website will give you this information. You can also find the default password info on this page.
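The checks described above (default or blank logins, stale firmware, unsupported hardware) can be run over a list of your own devices. The script below is an added example, not part of the original article; the inventory columns, the short list of default logins and the one-year firmware threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample of factory-default logins; a real audit would use the
# defaults published in each manufacturer's documentation.
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
MAX_FIRMWARE_AGE_DAYS = 365  # assumed threshold, adjust to your own policy

# Constructed inventory. The password column is assumed to come from a
# password-manager export and should never be kept around in plaintext.
SAMPLE_INVENTORY = """name,username,password,firmware_date,vendor_supported
home-router,admin,admin,2015-03-01,no
ip-camera,admin,,2023-11-20,yes
dvr,operator,T7#kq-long-unique,2024-01-15,yes
office-switch,netops,Zp4!unique-passphrase,2019-06-30,yes
"""

def audit_device(row, today):
    """Return the list of findings for one inventory row."""
    findings = []
    user, password = row["username"].strip().lower(), row["password"]
    if password == "":
        findings.append("blank password")
    elif (user, password.lower()) in DEFAULT_LOGINS:
        findings.append("factory-default login")
    age = (today - date.fromisoformat(row["firmware_date"])).days
    if age > MAX_FIRMWARE_AGE_DAYS:
        findings.append(f"firmware {age} days old")
    if row["vendor_supported"].strip().lower() != "yes":
        findings.append("no longer supported, consider replacing")
    return findings

def audit_inventory(csv_text, today=None):
    """Map device name -> findings, for devices that need attention."""
    today = today or date.today()
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_device(row, today)
        if findings:
            report[row["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: " + "; ".join(findings))
```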