Mirai-Based Malware Continues to Dominate Botnet Variants, Report Finds

Compromised IoT devices remained a problem in Q1 2020, contributing to DDoS attacks worldwide, mostly from DNS vectors, according to a new NetScout report.

The advent of IoT devices has increased the number of DDoS attacks registered over the past few years and expanded the attack vectors. While many IoT devices lack the processing power to deploy massive attacks, their sheer number allows operators to compensate.

For example, one of the most significant DDoS attack in recent history took place last year. It registered 292,000 requests per minute, lasted 13 days, and more than 400,000 IoT devices participated.

Many current IoT threats are variants based on the more infamous Mirai malware, which made a significant impact in 2016. Since then, numerous other botnets using Mirai code surfaced, causing problems with IoT hardware.

“Malicious authors continued their impressively efficient efforts to syphon in the latest IoT exploits and churn out new Mirai-based variants,” states the NetScout report. “Mirai still rules the ever-expanding IoT-based malware world, and the pandemic effect triggered massive growth in Mirai-based variants in March.”

Some of the most common Mirai-based variants include Corona, Kyton and Ares. And they are still using the same combination of usernames and passwords to try and compromise devices: guest/12345, admin/admin or guest/guest.

Other, non-Mirai, botnets in the wild include Gafgyt.

“We saw a significant spike in Gafgyt samples from February through June, although January through February, decreased compared with 2019,” say the researchers. “The spike in the number of samples is likely related to the increase in consumer devices brought online as the remote work skyrocketed during that time frame.”

There are currently 22 billion IoT devices globally, and the COVID-19 pandemic hasn’t slowed development significantly. The market is still on track to reach 41.6 billion by 2025, which means that the attack surface will only increase.