A new internet threat nears in the horizon. The cybersecurity journalist Brian Krebs revealed on his Krebs on Security blog that a hacker had released the source code of the botnet responsible for the DDoS attack that took down his site last month.
Krebs stated in his post that he had traced back the origins of the assault to that same piece of malware. He also claimed that the hacker dubbed ‘Anna-senpai’ posted the source code on a Hackforums board last Friday.
The release of this new code for IoT-devices-based botnet implies a near-imminent wave of attacks using the newfound technique. Brian Krebs stated that upon publicly releasing the source code it was “virtually guaranteed” that prominent sites on the internet would face significant attacks such as the one his site suffered.
What is a DDoS and how does it work?
The publishing of the source code by ‘Anna-senpai’ worries cyber security experts for it represents an enhanced version of an already existing threat. The difference lies in its increased range and the potential dangers it poses to the online world.
A Distributed Denial of Service (or DDoS) attack is a systematic assault performed by a hacker. The perpetrator hacks into a large number of unprotected computers and organizes them into a coordinated ‘botnet.’
These hundreds or thousands of computers then all access the targeted website or platform and clog the server by triggering requests on it, like clicking on an option several times or switching from one section to another. In a synced effort, this can quickly take down a website and what’s more, render the server that hosts it useless.
This is exactly what happened to Brian Krebs and the Krebs on Security blog, except in a much, much larger scale. The DDoS attack that hit Krebs’ blog was so massive that it amassed 620 Gbps of traffic all at once, affecting even Akamai’s CDN.
The way in which this was possible was thanks to the ‘Mirai’ source code, the new malware released by ‘Anna-senpai’ on the Hackforums community last Friday. ‘Mirai’ conducts an automated DDoS attack in the same way a hacker would do, except it targets IoT devices as its minions instead of computers.
The dawn of the Internet of Things has brought millions of new connected devices to the world. The majority of these ‘things’ are unprotected and easily hackable, making them a perfect vehicle to wreak havoc online.
Cameras, smart TVs, digital media players, home assistants, and more devices that now make a part of our lives are connected to the internet. ‘Mirai’ penetrates into them and turns them into agents of destruction.
Brian Krebs noted that there is a particular brilliance behind the malware since IoT devices are made to be cost-effective and, therefore, lacking in security. Some of them don’t even run on an operating system, making them easier to automate for questionable purposes.
The journalist also called for an industry-wide review of security standards on IoT ‘things’ since the ever-increasing market will place higher and higher quantities of devices in users’ homes in the next couple of years.
Krebs recommended to all device owners that they should change the default security settings to not have their connected ‘things’ enslaved by Mirai- like malware. He also stated that there is at least one other similar code called ‘Bashlight’ capable of performing attacks like the one suffered by his site.
Source: Krebs On Security