New Mirai Botnet Unleashes a DDoS Attack That Lasted for 54 Hours!

Mar 30, 2017

Following high-profile DDoS attacks that took down swathes of the internet by impacting Dyn DNS services, Mirai is apparently still going strong. One of the highlights of 2016, Mirai is botnet malware built on Internet of Things devices. The trojan’s source code was leaked online at the end of last year, leading to more variants of it.

Researchers are now reporting that one Mirai variant has been targeting the networks of a US college, and the distributed denial of service (DDoS) attack went on for 54 hours – straight!


New Mirai variant targets a US college

Imperva researchers revealed that the new Mirai threat was used to launch a DDoS attack against an unnamed US college, an Imperva client, and that the assault went on for 54 hours. “The average traffic flow came in at over 30,000 RPS and peaked at around 37,000 RPS – the most we’ve seen out of any Mirai botnet. In total, the attack generated over 2.8 billion requests,” the group reported.

Imperva’s Dima Bekerman explained that the research team believes that this attack has emerged from a Mirai-powered botnet based on a number of factors, “including header order, header values and traffic sources.”

“Our client classification system immediately identified that the attack emerged from a Mirai-powered botnet,” Bekerman added. As for the devices that launched the attack, the weapons seem to have remained the same, from CCTV cameras to DVRs.

Our research showed that the pool of attacking devices included those commonly used by Mirai, including CCTV cameras, DVRs and routers. While we don’t know for sure, open telnet (23) ports and TR-069 (7547) ports on these devices might indicate that they were exploited by known vulnerabilities.

Bekerman said that the team saw attack traffic originating from 9,793 IPs worldwide, with over 18.4% of the traffic coming from the United States and 11.3% from Israel, followed by Taiwan, India, Turkey, Russia, Italy, Mexico, Colombia, and Bulgaria, among several other countries.
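
The factors Bekerman lists (header order, header values and traffic sources) and the RPS figures can be approximated from a site's own request logs. The Python below is an added example, not Imperva's classifier and not code from the original article; the header orders, the `min_sources` and `min_share` thresholds and the log records are constructed assumptions.

```python
import hashlib
from collections import Counter, defaultdict

# Constructed header orders for illustration only; not a real Mirai signature.
BOT_ORDER = ["Host", "User-Agent", "Accept", "Connection"]
BROWSER_ORDER = ["Host", "Connection", "User-Agent", "Accept", "Accept-Encoding"]

# Constructed sample: 3 seconds of traffic, 4 flooding sources (2 requests each
# per second) plus one ordinary client. IPs are from documentation ranges.
SAMPLE = [(100 + s, f"198.51.100.{i}", BOT_ORDER)
          for s in range(3) for i in range(1, 5) for _ in range(2)]
SAMPLE += [(100 + s, "192.0.2.10", BROWSER_ORDER) for s in range(3)]


def header_fingerprint(header_names):
    """Hash the header names in wire order; the order itself is the signal."""
    joined = "\n".join(name.lower() for name in header_names)
    return hashlib.sha256(joined.encode()).hexdigest()[:12]


def analyse(requests, min_sources=3, min_share=0.5):
    """requests: (epoch_second, source_ip, [header names in wire order])."""
    per_second = Counter()
    hits = Counter()
    sources = defaultdict(set)
    for ts, ip, headers in requests:
        fp = header_fingerprint(headers)
        per_second[ts] += 1
        hits[fp] += 1
        sources[fp].add(ip)
    total = sum(hits.values())
    if total == 0:
        return {"avg_rps": 0.0, "peak_rps": 0, "suspects": {}}
    span = max(per_second) - min(per_second) + 1  # seconds covered by the log
    # One fingerprint shared by many distinct sources and carrying most of the
    # traffic suggests a single client build running on many devices.
    suspects = {fp: sorted(sources[fp]) for fp in hits
                if len(sources[fp]) >= min_sources and hits[fp] / total >= min_share}
    return {"avg_rps": total / span, "peak_rps": max(per_second.values()),
            "suspects": suspects}


if __name__ == "__main__":
    report = analyse(SAMPLE)
    print(f"avg {report['avg_rps']:.1f} RPS, peak {report['peak_rps']} RPS")
    for fp, ips in report["suspects"].items():
        print(f"fingerprint {fp}: {len(ips)} sources -> {ips}")
```

The source lists returned per fingerprint are what a defender would feed into rate limiting or blocking rules, and the thresholds need tuning against the site's normal traffic mix.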


“Based on our experience, we expect to see several more bursts before the offender(s) finally give up on their efforts,” Bekerman warned.
