Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Shadows Kill Mirai Botnet caused an Internet outage in Liberia, what is the next one?

Mirai botnet was used to power a massive DDoS attack against Liberia causing the Internet outage in the entire country with financially devastating results. Mirai is the malware that a few weeks ago caused a massive Internet outage in the US. Mirai was first spotted this summer by the security expert MalwareMustDie, now media reported the use of the […]

liberia

Mirai botnet was used to power a massive DDoS attack against Liberia causing the Internet outage in the entire country with financially devastating results.

Mirai is the malware that a few weeks ago caused a massive Internet outage in the US. Mirai was first spotted this summer by the security expert MalwareMustDie, now media reported the use of the dreaded botnet against Liberia. with financially devastating results.

The financial repercussions of the massive DDoS attack on the country are devastating.

The massive DDoS attacks began a few days ago impacting some Liberian internet providers as explained the security researcher Kevin Beaumont.

liberia-ace_cable_system_liberia1

Beaumont credited the Mirai botnet for the attacks that hit the African country, he called this botnet #14 “Shadows Kill”, based on the message they sent.

“Over the past week we’ve seen continued short duration attacks on infrastructure in the nation of Liberia. Liberia has one internet cable, installed in 2011, which provides a single point of failure for internet access. From monitoring we can see websites hosted in country going offline during the attacks — additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack. The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state.” Beaumont wrote in a blog post.

The Botnet #14 was able to generate a volume of traffic greater than 500 Gbps, enough to cause a massive outage in a country like Liberia.

“From monitoring, we can see websites hosted in country going offline during the attacks,” Beaumont added.

Unfortunately, it is becoming quite easy to create or rent a botnet powered by the Mirai malware due to the availability of its source code leaked online by the alleged author.

According to Flashpoint who scanned the Internet with the Shodan search engine for flawed IoT devices more than 500,000 vulnerable devices are in the wild. The countries with the highest number of vulnerable devices are Vietnam (80,000), Brazil (62,000) and Turkey (40,000).

mirai-shodan-vulnerable-devices

Large-scale DDoS attacks continue to represent a serious threat for web services across the world, and IoT devices represent a privileged attack vector due to the lack of security by design. IoT manufacturers are encouraged to seriously consider the approach at the security of their products.

I reached MalwareMustDie for a comment on the real abilities of the Mirai Botnet.

Q: Which are the capabilities of the Mirai Botnet?

A: Mirai botnet can make big damage as per several “demonstration” they did, included Liberia attack. The threat is seriously powerful, as per I firstly mentioned in the Security Affair interview. The way to stop it, are, either we push the effort to arrest ‘skiddes‘ who related to this botnet, and more strict in rule/policy for DDoS abuses, or, put down be more aggressive to take down infected IoT devices. Seriously, time is critical yet many ppl still not acting faster, if we let this happen with the current pace, in this Christmas or new year some countries and services can be shut down too … and they can do that.

Q: Is it possible to use Mirai to shut down a country like the UK or France?

A: If they know which point to attack, YES. They caused a major Internet outage in the United States for some hours, and the US have the strongest internet backbone in this planet.

It is my personal opinion that who released the code online was trying to rapidly increase the size of Mirai botnet. More smoking guns make harder the attribution and this could help crooks to keep lower their profile and nation-state hackers make impossible the attribution of the attacks even against a foreign country.

It is clear that someone is using the Botnet #14 to test a large scale attack probably against some Government.

We have no time, we need a new approach to cyber security, IoT devices need security by design.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Android, security patches)

[adrotate banner=”5″] [adrotate banner=”13″]