What is Mirai Bot?
Mirai is malware that turns networked devices running Linux into remotely controlled “bots” that can be used as part of a botnet. This network of bots is often used to conduct massive Distributed Denial of Service (DDoS) attacks.
Key Points about Mirai:
- Discovery: Mirai was first detected in September 2016 after it was used to launch a record-breaking DDoS attack exceeding 620 Gbps against security blogger Brian Krebs’ website, KrebsOnSecurity.com.
- Targets: Mirai primarily targets Internet of Things (IoT) devices such as security cameras, webcams, and routers that run on Linux and have weak or default login credentials.
- Infection Method: The malware continuously scans the internet for vulnerable devices. Once found, it attempts to log in using a list of 62 common default usernames and passwords. The alarming number of insecure IoT devices allows Mirai to compromise hundreds of thousands of devices.
- Impact: Mirai botnets have been used to launch some of the largest and most disruptive DDoS attacks in history, causing significant outages and disruptions to online services.
CISA Alert on Mirai:
The Cybersecurity and Infrastructure Security Agency (CISA) in the US issued an alert (TA16-288A) about the Mirai botnet, highlighting the threat it poses to internet infrastructure and urging users and organizations to take steps to mitigate the risk.
Key Takeaways from the CISA Alert:
- Vulnerability: Many IoT devices are shipped with insecure default configurations and weak passwords, making them easy targets for Mirai.
- Mitigation: CISA recommends changing default passwords, disabling Telnet if not needed, and keeping devices updated with the latest security patches.
- Ongoing Threat: Even though Mirai was discovered in 2016, it remains a significant threat as its source code was publicly released, allowing variants and new botnets to emerge.
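The login sweep described under Infection Method leaves a recognisable trace on a device that still exposes Telnet: many failed logins from one source, across several usernames, in a short time. The following is an added example (not from the CISA alert or the original page) that flags that pattern; the log format, thresholds, and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical telnetd log format (not from a real device).
SAMPLE_LOG = """\
2016-10-01T12:00:01 telnetd: FAIL user=root src=203.0.113.7
2016-10-01T12:00:02 telnetd: FAIL user=admin src=203.0.113.7
2016-10-01T12:00:03 telnetd: FAIL user=support src=203.0.113.7
2016-10-01T12:00:04 telnetd: FAIL user=guest src=203.0.113.7
2016-10-01T12:00:05 telnetd: OK user=admin src=203.0.113.7
2016-10-01T12:03:00 telnetd: FAIL user=operator src=198.51.100.20
2016-10-01T14:10:00 telnetd: OK user=operator src=198.51.100.20
"""

LINE = re.compile(r"^(\S+) telnetd: (FAIL|OK) user=(\S+) src=(\S+)$")
WINDOW = timedelta(seconds=60)   # assumed thresholds; tune per environment
MIN_FAILS = 4
MIN_USERS = 3

def detect(log_text):
    """Return {src: 'credential-sweep' | 'sweep-then-login'} for suspicious sources."""
    fails = defaultdict(list)     # src -> [(time, user)] of recent failures
    verdict = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue              # ignore lines in other formats
        ts, result, user, src = m.groups()
        now = datetime.fromisoformat(ts)
        # keep only failures that fall inside the sliding window
        fails[src] = [(t, u) for t, u in fails[src] if now - t <= WINDOW]
        if result == "FAIL":
            fails[src].append((now, user))
            users = {u for _, u in fails[src]}
            if len(fails[src]) >= MIN_FAILS and len(users) >= MIN_USERS:
                verdict.setdefault(src, "credential-sweep")
        elif verdict.get(src) == "credential-sweep" and fails[src]:
            # a success right after a sweep means a guessed credential worked
            verdict[src] = "sweep-then-login"
    return verdict

if __name__ == "__main__":
    for src, kind in detect(SAMPLE_LOG).items():
        print(src, kind)
```

A `sweep-then-login` result means the device should be treated as compromised: isolate it, reset its credentials, and disable Telnet if it is not needed.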
Conclusion:
Mirai highlights the growing security challenges posed by the increasing number of IoT devices connected to the internet. It underscores the importance of strong passwords, regular software updates, and vigilance in securing these devices to prevent them from being compromised and used in malicious activities.