According to Recorded Future research, this could mark the first IoT botnet used in a DDoS attack since the initial Mirai attacks.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- A Mirai botnet variant was used in attacks on at least one company in the financial sector in January 2018. — Recorded Future, 2018
- This attack marks the first time an IoT botnet has been observed in use in a DDoS attack since the Mirai botnet took down multiple websites in 2017. — Recorded Future, 2018
A Mirai botnet variant was used in attacks against at least one financial sector company in January 2018—possibly the first time an IoT botnet has been observed in use in a DDoS attack since the Mirai botnet took down multiple websites in 2017, according to a Thursday report from Recorded Future.
The variant is possibly linked to the IoTroop or Reaper botnet, the report said.
The first hit—a DNS amplification attack—occurred on January 28. A second financial sector company experienced a DDoS attack on the same day at the same time, likely utilizing the same botnet, the report found.
The researchers identified at least seven IP addresses that were controllers for the botnet and likely involved in attack coordination. While the report did not name the companies targeted by the botnet, the researchers told our sister site ZDNet that they were global Fortune 500 firms. They have not determined who is responsible for the attacks, they said.
At least one of the companies affected by the attack had its customer services temporarily disrupted, the researchers told ZDNet, but the extent of the financial or network damage was not yet known.
"These attacks highlight the ongoing threat of DDoS to the financial sector from continuously evolving botnets," the report noted. "The similarity in device composition with the IoTroop/Reaper botnet suggest IoTroop has evolved to exploit vulnerabilities in additional IoT devices and is likely to continue to do so in the future in order to build up the botnet to facilitate larger DDoS attacks against the financial sector."
Though the report says that this may be the first time a botnet has been used in a DDoS attack this year, Ars Technica reported that creators of a botnet made of infected home and small office routers are selling DDoS attacks for just $20 per target. GitHub was also hit with a massive DDoS attack in March.
Business and consumer users of IoT devices should take the following measures to mitigate the risk of their devices being hacked by a botnet, the report noted:
- Always replace default manufacturer passwords immediately upon use.
- Keep the firmware for devices current and up to date.
- For IP camera and similar systems that require remote access, invest in a VPN.
- Disable unnecessary services (e.g., Telnet) and close ports that are not required for the IoT device.