First, let’s define a few terms that will be used throughout this memo. A malicious actor is someone who intends to do harm to an individual, service, or system. A botnet is a series of computers that have been taken over and infected to be used by someone with malicious intent. A DDoS, or Distributed Denial of Service attack, is a malicious attempt to disrupt the normal flow of traffic on a server or website by overwhelming it. IoT, or Internet of Things, is an accumulation of internet connected devices such as cameras, smart watches, home security systems, and even airplane engines. Zero-day vulnerabilities or zero-day exploits are attacks that strike security flaws in systems, taking advantage of the fact that no fix has been established yet. A dictionary attack is the process that malicious actors use to guess manufacturer default passwords and the passwords that are most commonly used.
What’s happening?
The Mirai botnet, created by Paras Jha, Dalton Norman, and Josiah White, initially started off as a Minecraft (a sandbox game released in 2011 and developed by Mojang Studios) DDoS, but soon evolved into something far worse. It affected 175,000 websites and gained international attention, including attention from other malicious hacking groups such as Anonymous and New World Hackers. Most notably, at least for the sake of this memo, Mirai infiltrated IoT devices. As stated above, IoT is an accumulation of internet connected devices, which means that if a piece of malware like Mirai can penetrate a vulnerability in your home security system, you may think that you are safe in the comfort of your own home when in actuality you are not.
Why should it matter to you?
Besides what has already been listed, the Mirai botnet and its subsequent variants also have the capability to do anything from sending spam emails to holding a company’s proprietary information for ransom. Somewhere in the middle between those two, Mirai and the variants that evolved from it have the ability to steal credit card information. This leads to things like fraudulent purchases and hits to your credit score, and we all know the negative consequences that can come with those.
What to do?
The best thing to do when faced with malware that can overwhelm your system or infiltrate your internet connected devices is, first and most importantly, prevention. Ensure that the OS, or operating system, on any device you use that can access the internet is up to date. This can only protect you so much, however, because of zero-day vulnerabilities, which are flaws in code that programmers may have unintentionally or intentionally left in when updating software and that can be exploited by malicious actors. The second thing you can do is make sure that when you purchase a new device such as a router, you DO NOT continue to use the default password and instead come up with your own strong password comprised of uppercase and lowercase letters, numbers, and special characters (if applicable). In addition, you DO NOT want to use easily guessed common knowledge information such as names, birthdays, or anniversaries, or passwords previously used across multiple devices or sites.
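The password advice above can be turned into a repeatable check. The following Python sketch is an added example, not part of the original memo; the function name, the denylist contents, and the sample inputs in it are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample denylist. A real check would load the device vendor's
# documented defaults plus a published common-password list.
DEFAULT_OR_COMMON = {"admin", "password", "12345", "123456", "default", "root", "guest"}

def date_fragments(d):
    """Digit strings a birthday or anniversary usually appears as in a password."""
    formats = ("%Y", "%m%d", "%d%m", "%m%d%y", "%d%m%y", "%m%d%Y", "%d%m%Y")
    return {d.strftime(f) for f in formats}

def audit_password(candidate, personal_names=(), personal_dates=(),
                   previously_used=(), special_allowed=True):
    """Return the memo's rules that the candidate breaks (empty list = passes)."""
    problems = []
    lowered = candidate.lower()
    if lowered in DEFAULT_OR_COMMON:
        problems.append("default or commonly used password")
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
    }
    if special_allowed:  # the memo's "(if applicable)": some devices reject symbols
        classes["special character"] = r"[^A-Za-z0-9]"
    for label, pattern in classes.items():
        if not re.search(pattern, candidate):
            problems.append(f"missing {label}")
    for name in personal_names:
        if name and name.lower() in lowered:
            problems.append(f"contains name '{name}'")
    digits = re.sub(r"\D", "", candidate)  # drop separators such as 07-04
    for d in personal_dates:
        if any(fragment in digits for fragment in date_fragments(d)):
            problems.append(f"contains date {d.isoformat()}")
    # previously_used is supplied by the user at check time and never stored here
    if candidate in previously_used:
        problems.append("reused from another device or site")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs
    for pw in ("admin", "Rex07-04!x", "t7#Lq9!vWz2p"):
        print(pw, "->", audit_password(pw, ["Rex"], [date(1990, 7, 4)]) or "passes")
```
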
Resources
The Hacker News. (2024, April 30). New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024. https://thehackernews.com/2024/04/new-uk-law-bans-default-passwords-on.html
Petkauskas, V. (2022, March 14). Mirai botnet used to steal confidential data via IoT devices. Cybernews. https://cybernews.com/security/mirai-botnet-used-to-steal-confidential-data-via-iot-devices/#comments-reply
Malwarebytes. (n.d.). What was the Mirai Botnet? https://www.malwarebytes.com/what-was-the-mirai-botnet
Cloudflare. (n.d.). What is the Mirai Botnet? https://www.cloudflare.com/learning/ddos/glossary/mirai-botnet/
Shapiro, S. J. (2023, May 23). The Strange Story of the Teens Behind the Mirai Botnet. IEEE Spectrum. https://spectrum.ieee.org/mirai-botnet