Introduction
With the growing popularity of the Internet of Things, its devices became the main target by cybercriminals as a platform for organizing the most potent cyber attacks. The severity and number of high-profile security incidents involving such devices have shown that they are “the weakest link in the security chain” of modern computer networks (Kolias et al., 2017, p. 80). The biggest and the most well-known example of IoT utilizing botnets is the Mirai botnet, first discovered in August 2016 by the MalwareMustDie research group (Kolias et al., 2017). On October 12, 2016, the east coast of the United States underwent a vastly distributed denial of service (DDoS) attack that rendered most of the Internet unreachable (Fruhlinger, 2018). The massive malware indicated the flawed security system, the vulnerability of IoT to cyber attacks and the need for new security measures and precautions.
Analysis
Currently, the Mirai botnet is still active, continuing to evolve and attack the Internet of Things. According to numerous sources, “the biggest enrolled botnet that utilizes the IoTs” consists of four main components (Vengatesan et al., 2018, p 120). A command center (CnC) “contains a MySQL database of all infected IoT devices (bots) and distributes commands to intermediate command distribution servers” (Margolis et al., 2017, p. 8). The report server, a component for receiving the results of scanning bots, the task of which is to collect the results of work from bots and then redirect them (Kolias et al., 2017) The loader, a download component that delivers a bot binary file to a vulnerable device. It uses the wget and TFTP utilities, but if they are not present in the operating system, this component uses its proprietary loader (Margolis et al., 2017). And the bot, “the malware that infects devices” (Kolias et al., 2017, p.81) which is post launching connects to the command center, scans a range of IP addresses for IoT devices, and passes the scan findings to the Scan Receiver for further malicious malware distribution to the device.
The principle of the attack is based on Mirai scans devices for open Telnet ports and tries to brute force using standard pairs of logins and passwords. (Fruhlinger, 2018). The list of pairs can be expanded at the discretion of the attacker. Also, during the scanning process, Mirai determines the architecture of the “victim.” After successfully selecting a valid login-password pair and choosing the architecture, the IoT device is infected by the bot. According to Gartner, it is expected that 50 IoT devices will be connected to the Internet by 2030 (as stated in Ahmed et al., 2019). Thus, measures should be taken.
In order to mitigate the activity of the Mirai botnet, it is recommended to implement several techniques and precautions. According to Ji et al., “the hardening script was shown to be successful in preventing the initial Mirai infection” (2018, p. 837). On the other hand, Ahmet et al. approve of using blockchains to secure IoT devices (2019). Overall, it is advisable to change the default account settings on each device; however, the account password must be at least eight characters long and contain numbers, uppercase letters, and special characters. Install the latest updates from the hardware manufacturer on each device and close all potential entry points to the device’s operating system from access from the Internet.
Summary
In conclusion, first discovered in 2016, the Mirai botnet has taken over an unprecedented number of IoT devices and wreaked havoc on the internet. The widespread harm caused by Mirai botnet attacks clearly demonstrated the risks posed by IoT devices and emerging cybersecurity threats to the World Wide Web. Nowadays, malware can take control of thousands of IoT devices and create massive destructive consequences. Therefore, the IoT today necessitates technical security measures and robust device security standards that all suppliers must follow.
References
Ahmed, Z., Danish, S. M., Qureshi, H. K., & Lestas, M. (2019). Protecting iots from mirai botnet attacks using blockchains. In 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD) (pp. 1-6). IEEE.
Fruhlinger, J. (2018). The Mirai botnet explained: How IoT devices almost brought down the internet. Web.
Ji, Y., Yao, L., Liu, S., Yao, H., Ye, Q., & Wang, R. (2018). The study on the botnet and its prevention policies in the internet of things. In 2018 IEEE 22nd International Conference on Computer Supported Cooperative Work in Design ((CSCWD)) (pp. 837-842). IEEE.
Kolias, C., Kambourakis, G., Stavrou, A., & Voas, J. (2017). DDoS in the IoT: Mirai and other botnets. Computer, 50(7), 80-84.
Margolis, J., Oh, T. T., Jadhav, S., Kim, Y. H., & Kim, J. N. (2017). An in-depth analysis of the Mirai botnet. In 2017 International Conference on Software Security and Assurance (ICSSA) (pp. 6-12). IEEE.
Vengatesan, K., Kumar, A., Parthibhan, M., Singhal, A., & Rajesh, R. (2018). Analysis of Mirai Botnet Malware Issues and Its Prediction Methods in Internet of Things. In International conference on Computer Networks, Big data and IoT (pp. 120-126). Springer, Cham.