A bulletin released by US-CERT explains an issue where IoT (also known as Internet of Things) devices have recently been used to create large scale botnet attacks.
“On September 20, 2016, Brian Krebs’ security blog (krebsonsecurity.com) was targeted by a massive DDoS attack, one of the largest on record, exceeding 620 gigabits per second (Gbps). An IoT botnet powered by Mirai malware created the DDoS attack. The Mirai malware continuously scans the Internet for vulnerable IoT devices, which are then infected and used in botnet attacks. The Mirai bot uses a short list of 62 common default usernames and passwords to scan for vulnerable devices. Because many IoT devices are unsecured or weakly secured, this short dictionary allows the bot to access hundreds of thousands of devices. The purported Mirai author claimed that over 380,000 IoT devices were enslaved by the Mirai malware in the attack on Krebs’ website.”
In order to prevent malware on IoT devices, US-CERT recommends that users, “ensure all default passwords are changed to strong passwords. Default usernames and passwords for most devices can easily be found on the Internet, making devices with default passwords extremely vulnerable.”
Now that the Mirai source code has been released on the Internet you can expect the number of attacks to increase. According to US-CERT, “such botnet attacks could severely disrupt an organization’s communications or cause significant financial harm.” Cyber-security professionals should harden networks against the possibility of a DDoS attack.