Mirai is a malware from the botnet family designed to infect the computers that make up the IoT. The main objective of this malware is the infection of routers and IP cameras, using these to carry out DDoS-type attacks. During the last few years, DDoS attacks have increased dramatically. We are talking about all those incidents of “denial of service” where the networks are saturated by visits, which prevent the proper functioning of a platform.
Yes, it is a complex, computerized concept that seems far from reality, but which may eventually mean the end of the internet as we know it. This became clear on October 21, 2016, when a series of cyberattacks of this type caused the fall of large sites such as Twitter, Spotify and Netflix. Platforms that you probably know and use, and that would impact your life if they disappear.
This attack, based on the Mirai botnet, was made possible thanks to one of the trends that will shape technology not only now, but throughout the decade. We are talking about the Internet of things, a great platform that allows us to connect practically from our household appliances to the sensors of an entire industry. And that although it means an important advance at a technological level, it was also the main entrance door of this attack.
In the case of the incident on October 21, the problem developed on a DNS infrastructure managed by the Dyn company. In other words, it was not a direct attack against Netflix or Spotify, but rather against a central Internet infrastructure that had a ripple effect on a huge number of other platforms.
Unfortunately, the lax security and firmware vulnerability in millions of IoT devices is still a mine of another for DDoS attacks. Because of these, the Mirai botnet can only continue to grow, both in number and strength. Fortunately, this does not mean that all is lost. The attack on Dyn did not affect all the companies present in the market. This was the case with Akamai and its services, which thanks to its security system could have resisted this or other similar attacks.
Mirai continuously scans the devices linked to IoT and infects them by accessing them through telnet with the access credentials that come by default, loading its malicious code in the main memory of the device, in this way it remains infected until it is rebooted. Mirai includes a table of network masks which it does not infect, within which are private networks and addresses belonging to the United States Postal Service, the Department of Defense, IANA, Hewlett-Packard and General Electric
