Shadows Kill Mirai Botnet caused an Internet outage in Liberia, what is the next one?

Mirai botnet was used to power a massive DDoS attack against Liberia causing the Internet outage in the entire country with financially devastating results.

Mirai is the malware that a few weeks ago caused a massive Internet outage in the US. Mirai was first spotted this summer by the security expert MalwareMustDie, now media reported the use of the dreaded botnet against Liberia. with financially devastating results.

The financial repercussions of the massive DDoS attack on the country are devastating.

The massive DDoS attacks began a few days ago impacting some Liberian internet providers as explained the security researcher Kevin Beaumont.

Beaumont credited the Mirai botnet for the attacks that hit the African country, he called this botnet #14 “Shadows Kill”, based on the message they sent.

“Over the past week we’ve seen continued short duration attacks on infrastructure in the nation of Liberia. Liberia has one internet cable, installed in 2011, which provides a single point of failure for internet access. From monitoring we can see websites hosted in country going offline during the attacks — additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack. The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state.” Beaumont wrote in a blog post.

The Botnet #14 was able to generate a volume of traffic greater than 500 Gbps, enough to cause a massive outage in a country like Liberia.

“From monitoring, we can see websites hosted in country going offline during the attacks,” Beaumont added.

Unfortunately, it is becoming quite easy to create or rent a botnet powered by the Mirai malware due to the availability of its source code leaked online by the alleged author.

According to Flashpoint who scanned the Internet with the Shodan search engine for flawed IoT devices more than 500,000 vulnerable devices are in the wild. The countries with the highest number of vulnerable devices are Vietnam (80,000), Brazil (62,000) and Turkey (40,000).

Large-scale DDoS attacks continue to represent a serious threat for web services across the world, and IoT devices represent a privileged attack vector due to the lack of security by design. IoT manufacturers are encouraged to seriously consider the approach at the security of their products.

I reached MalwareMustDie for a comment on the real abilities of the Mirai Botnet.

Q: Which are the capabilities of the Mirai Botnet?

A: Mirai botnet can make big damage as per several “demonstration” they did, included Liberia attack. The threat is seriously powerful, as per I firstly mentioned in the Security Affair interview. The way to stop it, are, either we push the effort to arrest ‘skiddes‘ who related to this botnet, and more strict in rule/policy for DDoS abuses, or, put down be more aggressive to take down infected IoT devices. Seriously, time is critical yet many ppl still not acting faster, if we let this happen with the current pace, in this Christmas or new year some countries and services can be shut down too … and they can do that.

Q: Is it possible to use Mirai to shut down a country like the UK or France?

A: If they know which point to attack, YES. They caused a major Internet outage in the United States for some hours, and the US have the strongest internet backbone in this planet.

It is my personal opinion that who released the code online was trying to rapidly increase the size of Mirai botnet. More smoking guns make harder the attribution and this could help crooks to keep lower their profile and nation-state hackers make impossible the attribution of the attacks even against a foreign country.

It is clear that someone is using the Botnet #14 to test a large scale attack probably against some Government.

We have no time, we need a new approach to cyber security, IoT devices need security by design.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Android, security patches)

[adrotate banner=”5″] [adrotate banner=”13″]