Mirai Botnet Hits US College With Massive 54 Hour Attack

Security researchers at Imperva Incapsula have uncovered a new variant of the Mirai malware.

The Mirai botnet is notorious as it was used in an high profile attack that brought down Twitter, Reddit, Netflix and other high-profile sites last year.

In January, security journalist Brian Krebs, whose website was one of the targets, identified the IoT malware as being written by a young developer who started off in the business of protecting servers from denial-of-service attacks.

New Variant

Last year the Mirai botnet had spread like wildfire and infected 2,398 home routers across the UK, with 99 percent of them being TalkTalk routers.

But now researchers at Imperva Incapsula warned in a blog post that they have discovered a new variant of the malware.

“Given the success of those attacks, along with the public availability of the Mirai source code, it was clearly only a matter of time before botnet herders began experimenting with new versions of the malware,” warned the researchers.

They said that a few weeks ago what could possibly be yet another version of Mirai (capable of launching application layer attacks) hit one of its customers, a US college, with a 54 hour long attack that generated the highest traffic flow Imperva Incapsula has ever seen out of a Mirai botnet.

“The average traffic flow came in at over 30,000 RPS and peaked at around 37,000 RPS – the most we’ve seen out of any Mirai botnet. In total, the attack generated over 2.8 billion requests,” they wrote.

“Based on a number of signature factors, including header order, header values and traffic sources, our client classification system immediately identified that the attack emerged from a Mirai-powered botnet,” they said. “Our research showed that the pool of attacking devices included those commonly used by Mirai, including CCTV cameras, DVRs and routers.”

“Looking at the bigger picture, this variant of Mirai might be a symptom of the increased application layer DDoS attack activity we saw in the second half of 2016,” the researchers concluded.

“That said, with over 90 percent of all application layer assaults lasting under six hours, an  attack of this duration stands in a league of its own.”

IoT Malware

The Mirai botnet is not the only piece of malware to utilise poorly protected Internet of Things (IoT) devices.

Earlier this month for example, researchers discovered malware targeting a security bug in a popular line of Internet-connected cameras.

Prior to that researchers have detected powerful denial-of-service attacks launched from a botnet made up of 900 hacked CCTV cameras.

Users are advised to always protect IoT devices with security products that check Internet traffic passing between the router and the devices connected to it.

Quiz: Do you know all about security in 2016?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

X Updates Grok AI Chatbot Over Election Misinformation

X makes changes to xAI's Grok AI chatbot after five US secretaries of state take…

8 mins ago

China Says New Dutch Chip Export Rules Result Of ‘Coercion’

China says new Dutch export controls on chipmaking equpment result of US 'coercion' design to…

39 mins ago

iPhone 16 Gets Generative AI, Siri Upgrade

Apple launches iPhone 16 range with generative AI features, plus camera-based 'visual intelligence', new AirPods,…

1 hour ago

Google Goes On Trial In US Over Ad Tech Dominance

US trial of Google over ad tech market power begins, with forced divestiture of ad…

15 hours ago

US DOJ To Propose Google Penalties By End Of Year

US judge gives Justice Department until end of year to formulate plan for Google punishment…

22 hours ago

Trump ‘To Appoint Musk’ To Gov’t Efficiency Role If Elected

Donald Trump says he would appoint Elon Musk to lead government efficiency commission if elected,…

23 hours ago