Earlier this month, PACE reported the release of the source code for ‘Mirai’, malware capable of massive attacks on IoT devices.
The malware was responsible for a colossal DDoS attack (620Gbps; one of the largest ever recorded) on the security blog KrebsOnSecurity.
According to Level 3 Communications (which has been tracking and reporting on the code), the number of devices infected by Mirai stood at 213,000 around October 1. This number has now spiralled to 493,000.
“The true number of actual bots may be higher,” said Level 3 in a recent blog post.
As mentioned in PACE, Mirai can harness many attack vectors, including UDP, DNS and HTTP floods, as well as GRE IP and Ethernet floods. Those using IoT devices with default usernames and passwords are at risk.
According to Level 3, the majority of devices attacked have been DVRs (>80 per cent), with the rest being routers and other miscellaneous devices such as IP cameras and Linux servers.
“The magnitude of attacks observed can be quite significant,” said Level 3.
“We have observed several attacks using more than 100Gbps. Large armies of bots participated in attacks, with several using over 100,000 bots against the same victim.
“We have seen Mirai botnets employ a variety of different attacks, the majority of which are L7 HTTP attacks and UDP and TCP floods, while a smaller fraction utilised GRE.”
The majority of the devices attacked are located in the US (29 per cent), followed by Brazil (23 per cent) and Colombia (8 per cent).
Last month, IP cameras manufactured by Dahua were identified as being at risk, as well as a line of digital recorders using the H.264 format (manufacturer unknown). Additional manufacturers including Sierra Wireless and Xiongmai Technology have also been identified.
“Manufacturers play a vital role in mitigating threats from malware like Mirai,” said Level 3.
“By disabling unused services, such as telnet, and requiring users to set passwords after installation, devices become much less vulnerable. Consumers can improve their security as well by changing default passwords and following security best practices.”
The company added that as IoT devices become more widespread, implementing security measures will become increasingly important. It expects the number of devices attacked by Mirai to increase.