A Trojan program that infected hundreds of thousands of Internet of Things (IoT) devices has had its source code published online, which will clearly pave the way for more botnets to be used. The Trojan used the infected IoT devices to launch distributed denial-of-service (DDoS) attacks.
The Trojan's code, which its creator calls Mirai, was released on Friday on an English-language forum. The news was reported by cyber security blogger Brian Krebs. His website was the one that had been targeted with a record DDoS attack just a few weeks back, and that attack had also been launched from the Mirai botnet. The creator of the Trojan, who uses the online handle Anna-senpai, noted that his decision to release the code publicly was a result of the attention now being paid to IoT-powered devices and the DDoS attacks that come from them, and he said he wants to get out of this business.
The Mirai Trojan is known to have enslaved about 380,000 IoT devices every day through a brute-force Telnet attack, Anna-senpai said. After the DDoS attack against Krebs's website was launched, some ISPs started to take action and are now working to protect the compromised devices, and the daily rate of compromised devices has dropped to 300,000. It is expected to go down even further, the creator announced. Most infections of IoT devices are temporary, as they disappear when the device is eventually rebooted. To maintain their size, IoT botnets have to find new devices to infect every single day.
The use of home routers, DSL modems, digital video recorders and network-attached storage systems to carry out DDoS attacks is not new. Back in October 2015, Incapsula, a security firm, managed to mitigate a DDoS attack that had been launched from 900 CCTV cameras. IoT botnets, however, seem to have reached their full potential already: after the record attack against Krebs's website, they also managed a 799 Gbps attack against a French server, carried out using hacked digital video recorders and IP cameras.
Surprisingly, there are a handful of DDoS mitigation providers in the world who can protect customers against a 1 Tbps attack. Akamai, a content delivery network that also offers DDoS protection services, actually dropped Krebs's website after it had been attacked because they could not protect him from the 620 Gbps attack he received. The market for IoT devices has been growing over the past few years, so the number of attacks is expected to rise, if anything. Many of the devices have basic security holes that need to be addressed.