What’s next for Mirai and botnet DDoS attacks?

JOHANNESBURG – May 03, 2017 – For security professionals, Mirai has become a household name. It’s the now-infamous malware that hackers use to absorb hundreds of thousands of connected devices – from routers, to DVRs, IP cameras and other gadgets – into giant armies.

Mirai was the malware that last year powered an attack on the domain name system provider Dyn. Such attacks are now classified under the moniker of “botnet” Distributed Denial of Service (DDoS) attacks.

Their high-strength attacks have a devastating impact: flooding web servers and hauling companies offline, causing untold financial and reputational damage.

Many security pros are now understandably worried that botnet DDoS attacks will only become more common, and more vicious. The so-called Internet of Things (IoT) is gathering momentum, and an increasing number of connected devices are entering our daily lives (think of connected homes, connected cars, and smart factories, for example).

Will this create fertile terrain for botnet DDoS attacks to grow in scale? What does the future hold for this area of cyber-crime?

Spawning a Mirai Windows variant
While Mirai was created as Linux-based malware that infected only IoT devices running Linux systems, analysts point to a dangerous new Windows variant. Still seemingly in its infancy, the Windows version hasn’t yet caused the kind of damage that propelled Mirai to dubious fame. But it does open the door to the possibility that Windows systems could be infected and weaponised for DDoS attacks.

Reflection and amplification
In traditional DDoS attacks, attackers augment their efforts with either reflection (spoofing a packet's source address) or amplification (the ability to send a small packet to a server and get back a large response). While the first-generation Mirai IoT botnets didn’t leverage these tactics, reflection or amplification seems like a logical next step. We’ve already seen Mirai source code that can effectively spoof source addresses.

Sheer scale
When analysing the most serious, monster-sized DDoS attacks, two trends become patently clear: the world’s biggest attacks are getting bigger each year, and there are a lot more of them. Arbor’s Annual Worldwide Infrastructure Security Report showed 558 attacks of over 100 Gbps in 2016 (as opposed to 223 in 2015). IoT botnet attacks have the potential to blow even these numbers completely out of the water. October 2016’s Dyn attack may have involved as many as 100,000 malicious endpoints – combining to create phenomenal attack strength.

Virus-like mutations
What makes Mirai so effective is its ability to morph into new forms, to self-learn and self-perpetuate in a highly dynamic fashion. It has essentially been created as a continually-updating platform that is able to add new features over time (rather than malware for a single, once-off attack). Like a biological organism, it is mutating – enabling it to hijack new types of devices, penetrate more device password variants, and evolve in other unpredictable ways.

IoT ransomware
Arbor’s tracking has already noted that many DDoS attacks are aimed at ransoming the victim (ordering them to pay a fee in order to get their services back up and running). But some analysts are also predicting that ransomware tactics may be directed at the owners of connected IoT devices as well. Could ransomware authors start pointing their efforts at the owners of millions of webcams, routers and fridges, trying to hold them ransom while taking these devices off-line or stealing any data held within?

While these trends and predictions are a worrying window on the future, there’s an alternative future that may in fact diminish the power of IoT botnet DDoS attacks.

It seems that different criminal groups are warring over resources – even turning their DDoS attack methods on each other at times! This continued infighting between those that are clamouring for the compromised devices available may dilute the effect of any one attacker, or any one attack.

However, we certainly don’t recommend that local organisations hold out for this ‘alternative ending’. In all likelihood, the coming years will see an aggressive increase in botnet DDoS attacks, requiring organisations to deploy first-rate, professional DDoS mitigation solutions.




About Arbor Networks
Arbor Networks, the security division of NETSCOUT, helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver complete network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market-leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier,” making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context so customers can solve problems faster and reduce the risks to their business. To learn more about Arbor products and services, please follow us on Twitter @ArborNetworks. Arbor’s research, analysis and insight, together with data from the ATLAS global threat intelligence system, can be found at the ATLAS Threat Portal. Trademark Notice: Arbor Networks, the Arbor Networks logo and ATLAS are all trademarks of Arbor Networks, Inc. All other brands may be the trademarks of their



Networks Unlimited, Chriselna Welsh, +27 (0) 11 202 8400

icomm, Debbie Sielemann, +27 (0) 82 414 4633

