Updated Mirai Botnet Malware Executes 54-hour DDoS Attack

Botnets remain a very popular tool among cybercriminals these days. Ever since the Mirai botnet was introduced to the world, several variants have popped up in its wake. A new variant of this particular botnet malware has been discovered, which is capable of executing 54-hour DDoS attacks. It goes to show the initial Mirai botnet malware was just a sign of things to come, as the situation will only get worse from here on out.

Mirai Botnet Malware Becomes Even More Dangerous

It is not surprising to find out the Mirai botnet malware has undergone a major update. Since the source code was made public on the internet a while ago, developers all over the world have been busy analyzing the project. Some criminals have taken it upon themselves to make improvements to this source code. Unfortunately, this also means more botnet attacks will be executed in the future, which does not bode well by any means.

Speaking of which, someone used an updated Mirai malware client to attack a US college in February of 2017. This particular attack saw the US college facing a strong DDoS attack over a 54-hour timespan. This is a notable change from how the original botnet operated, as those attacks would usually only last for 24 hours. Extending such powerful distributed denial-of-service attacks to a 54-hour window is quite a significant development.

As one would expect, this particular Mirai botnet attack was made possible thanks to thousands of IoT devices getting hacked once again. All of these devices successfully flooded the intended target with HTTP traffic. It is believed nearly 10,000 CCTV cameras, routers, and DVRs were used to successfully execute this large-scale DDoS attack. Security experts also claim vendors of these devices failed to address the security vulnerabilities exposed by the original Mirai malware.

A multi-day distributed denial-of-service attack is quite unusual, to say the least. Interestingly enough, this particular attack maintained a flow of 30,000 HTTP requests per second during the entire 54 hours of flooding the network. It is evident this is a big step up compared to the initial Mirai botnet attack, although it may only be a marginal improvement compared to what the future has in store. After all, there is no limit as to what criminals can do by using the Mirai malware code and making additional improvements.

One major change separates the two Mirai malware types. The new variant contains 30 user-agent alternatives, compared to only 5 found in the original botnet. A larger range of user agents allows the malware to circumvent any countermeasure put in place by engineers to mitigate these botnet attacks. Moreover, it appears there is a geographical change in where these attacks originate as well. This particular attack included IP addresses originating from the US (18%), Israel (11%) and Taiwan (11%).
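The point about user agents can be seen from the defender's side in a short added example (not from the article or from any vendor's tooling): a filter keyed on a short user-agent list stops only part of a flood that rotates 30 agents, while per-source request and agent-diversity limits flag the flooding sources regardless of the header. The log format, agent names, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed log format: <ip> <epoch_seconds> "<user-agent>" (not real traffic).
LINE = re.compile(r'^(\S+) (\d+) "([^"]*)"$')

def build_sample():
    """Two flooding sources rotating 30 user agents, plus two ordinary clients."""
    lines = []
    for ip in ("198.51.100.7", "198.51.100.8"):
        for i in range(40):
            lines.append(f'{ip} {1000 + i // 10} "Agent-{i % 30}"')
    lines.append('203.0.113.5 1000 "Mozilla/5.0 (X11; Linux x86_64)"')
    lines.append('203.0.113.5 1003 "Mozilla/5.0 (X11; Linux x86_64)"')
    lines.append('203.0.113.9 1001 "curl/8.0"')
    return lines

def blocked_by_ua_list(lines, blocklist):
    """Count requests a filter keyed only on user agent would stop."""
    hits = 0
    for line in lines:
        m = LINE.match(line)
        if m and m.group(3) in blocklist:
            hits += 1
    return hits

def flag_sources(lines, window=5, max_requests=20, max_agents=3):
    """Flag IPs exceeding request or distinct-agent limits within a time window."""
    counts = defaultdict(int)
    agents = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        bucket = (m.group(1), int(m.group(2)) // window)
        counts[bucket] += 1
        agents[bucket].add(m.group(3))
    flagged = set()
    for bucket, n in counts.items():
        if n > max_requests or len(agents[bucket]) > max_agents:
            flagged.add(bucket[0])
    return sorted(flagged)

if __name__ == "__main__":
    sample = build_sample()
    five = {f"Agent-{i}" for i in range(5)}  # list sized for the original 5 agents
    print("stopped by UA list:", blocked_by_ua_list(sample, five), "of", len(sample))
    print("flagged by per-source limits:", flag_sources(sample))
```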

It is evident security researchers are quite concerned about this new development. Having malware capable of executing large-scale, sustained, multi-day DDoS attacks is quite troublesome. If the people responsible for this US college attack find a way to keep improving and refining their tactics, things could take on cataclysmic proportions relatively quickly. Internet of Things device security also remains a critical weakness that needs to be addressed sooner rather than later.
