Mirai botnet

Published on 2016-10-17 15:46:00.

Nowadays the world relies on connectivity, with very few devices not being part of the connected world. A significant and constantly growing part of the connected world consists of smart devices known as the “Internet of Things” (IoT). These devices can be sensors that interact with little or no human intervention, forming their own gigantic network of interconnected smart devices. One of the goals of such devices is to sense or collect data at remote locations and send it on, so that important events can be detected and relevant predefined actions taken accordingly. For example, a sensor on a farm collects data on the water level of the soil and sends this information to a central monitoring system that controls the flow of water on the farm.

These systems have led to the rise of intelligent and ubiquitous services that can be built upon the information derived from this data. With such collection, transmission and analysis of data, user privacy and information security instantly become a major concern for IoT services and applications. Security breaches will seriously affect the usability and consumption of IoT services in various fields, including, but not limited to, healthcare and payment services.

On the eve of 20th September, the source code of the Mirai botnet [1], responsible for one of the biggest known cyber-attacks originating from and targeting IoT (Internet of Things) devices, was released. IoT devices are interconnected physical devices such as webcams, thermostats, sensors, and other devices that collect and exchange data and can be controlled by end-users over a network. The Mirai botnet has recently been used to launch a DDoS (distributed denial-of-service) attack generating 620 Gbps of traffic against the website of the famous American journalist Brian Krebs.

According to forecasts [2], there will be as many as 6.4 billion IoT devices connected to the internet by the end of 2016, and this number is expected to reach 20.7 billion by 2020. These staggering figures, combined with the release of the botnet source code, pose a critical threat to the existing IoT infrastructure in the industry, as well as to end-users. A main attack vector of such a botnet is weak credentials: either credentials that are never changed from their default form (default username and password) or common and non-complex passwords. A recommendation to mitigate attacks from such botnets is to change the default administrative credentials for all IoT devices that are, in any way, connected to a (LAN/WAN) network.
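One way to enforce this recommendation at provisioning time, as an added example that is not part of the original article: a check that rejects administrative credentials that are still the factory default, are a common password, or are non-complex. The default pairs, common-password list, length threshold, CSV columns and device names are all constructed assumptions.

```python
import csv
import io

# Constructed factory-default username/password pairs (assumption: in practice
# this list is built from your own vendors' documentation).
DEFAULT_PAIRS = {("admin", "admin"), ("root", "root"), ("admin", "password")}
# Constructed, non-exhaustive list of common passwords (assumption).
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "letmein"}
MIN_LENGTH = 12  # assumed policy threshold


def classify(username, password, factory_password=""):
    """Return the weaknesses found in one device's administrative credential."""
    findings = []
    # Default: a known default pair, or unchanged from what the device shipped with.
    if (username.lower(), password) in DEFAULT_PAIRS or (
            factory_password and password == factory_password):
        findings.append("default")
    if password.lower() in COMMON_PASSWORDS:
        findings.append("common")
    # Non-complex: too short, or fewer than three character classes.
    classes = sum(any(test(c) for c in password) for test in
                  (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()))
    if len(password) < MIN_LENGTH or classes < 3:
        findings.append("non-complex")
    return findings


def audit(sheet_csv):
    """Map device name -> findings for every device that must not be deployed."""
    report = {}
    for row in csv.DictReader(io.StringIO(sheet_csv)):
        findings = classify(row["username"], row["password"], row["factory_password"])
        if findings:
            report[row["device"]] = findings
    return report


# Constructed provisioning sheet: the credential about to be set on each device.
SAMPLE = """device,username,password,factory_password
webcam-lobby,admin,admin,admin
thermostat-2,service,qwerty,x7Kp!default
soil-sensor-7,operator,T9#vLq2m!Rz4wB,ab12cd
dvr-backoffice,root,Zx81-factory,Zx81-factory
"""

if __name__ == "__main__":
    for device, findings in audit(SAMPLE).items():
        print(f"{device}: {', '.join(findings)}")
```

The last row shows why the factory value is compared separately: a password can pass the length and complexity rules and still be the unchanged default.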

As part of the H2020 framework, the biotope project [3] aims to provide an ecosystem for such smart devices, which will also address their security. itrust consulting plays a leading role in developing the security toolkit that will protect such smart devices against potential cyber-attacks. This toolkit will integrate seamlessly within the framework of the biotope project, providing a complete and secure System-of-System platform for IoT devices.