Mirai Botnet Hits US College With Massive 54 Hour Attack

Security researchers at Imperva Incapsula have uncovered a new variant of the Mirai malware.

The Mirai botnet is notorious as it was used in an high profile attack that brought down Twitter, Reddit, Netflix and other high-profile sites last year.

In January, security journalist Brian Krebs, whose website was one of the targets, identified the IoT malware as being written by a young developer who started off in the business of protecting servers from denial-of-service attacks.Botnet

New Variant

Last year the Mirai botnet had spread like wildfire and infected 2,398 home routers across the UK, with 99 percent of them being TalkTalk routers.

But now researchers at Imperva Incapsula warned in a blog post that they have discovered a new variant of the malware.

“Given the success of those attacks, along with the public availability of the Mirai source code, it was clearly only a matter of time before botnet herders began experimenting with new versions of the malware,” warned the researchers.

They said that a few weeks ago what could possibly be yet another version of Mirai (capable of launching application layer attacks) hit one of its customers, a US college, with a 54 hour long attack that generated the highest traffic flow Imperva Incapsula has ever seen out of a Mirai botnet.

“The average traffic flow came in at over 30,000 RPS and peaked at around 37,000 RPS – the most we’ve seen out of any Mirai botnet. In total, the attack generated over 2.8 billion requests,” they wrote.

“Based on a number of signature factors, including header order, header values and traffic sources, our client classification system immediately identified that the attack emerged from a Mirai-powered botnet,” they said. “Our research showed that the pool of attacking devices included those commonly used by Mirai, including CCTV cameras, DVRs and routers.”

“Looking at the bigger picture, this variant of Mirai might be a symptom of the increased application layer DDoS attack activity we saw in the second half of 2016,” the researchers concluded.

“That said, with over 90 percent of all application layer assaults lasting under six hours, an  attack of this duration stands in a league of its own.”

IoT Malware

The Mirai botnet is not the only piece of malware to utilise poorly protected Internet of Things (IoT) devices.

Earlier this month for example, researchers discovered malware targeting a security bug in a popular line of Internet-connected cameras.

Prior to that researchers have detected powerful denial-of-service attacks launched from a botnet made up of 900 hacked CCTV cameras.

Users are advised to always protect IoT devices with security products that check Internet traffic passing between the router and the devices connected to it.

Quiz: Do you know all about security in 2016?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Mark Zuckerberg Lobbies Trump To Avoid Antitrust Trial – Report

Mark Zuckerberg is reportedly lobbying President Donald Trump for a settlement to avoid antitrust trial…

1 hour ago

Bitcoin Slides To $81,000 In Trump Tariff Shock

As global markets reel from Trump's tariffs, the price of Bitcoin slides as investors seek…

2 hours ago

Amazon’s First Project Kuiper Satellites Slated For 9 April Launch

Rival for Starlink and OneWeb. United Launch Alliance slated to send 27 Kuiper satellites into…

4 hours ago

Trump’s Tariffs: Implications For Tech Sector

Semiconductor imports are free of Trump's tariff war, but concerns remain over imports of smartphones…

5 hours ago

OpenAI Secures $40 Billion Funding Deal With SoftBank, Others

SoftBank has agreed a funding deal that will see OpenAI being provided with up to…

22 hours ago

Tesla Sales Plummet Amid Elon Musk Backlash

Tesla sales have plummeted to lowest level in three years, as deliveries of new EVs…

23 hours ago