With the Internet of Things (IoT) industry quickly developing new gadgets, it’s no surprise that hackers are having a field day. The more connected devices come on the market, the more chances there are that they will be probed for vulnerabilities. And that’s exactly what threat researchers have detected. Since the first half of 2019, cyberthreats against IoT devices have been on the rise, with a significant increase in attacks on network-connected smart devices and process controllers. One particularly ubiquitous piece of malware that continues to attack IoT devices is the Mirai botnet and its many variants.

What is the Mirai botnet?
Mirai is a type of malware that infects smart devices that run on the ARC processor. It attacks these devices, turning them into a network of remotely controlled bots (called a botnet) that is often then used to launch DDoS (distributed denial-of-service) attacks. After an infamous attack in 2016, the authors of the Mirai malware released the source code to the public, and since then it has continued to evolve. It has been replicated and modified by experienced cybercriminals and unskilled threat actors alike, making it harder to trace and take down.

How does Mirai work?
The Mirai botnet is simple and efficient. Mirai scans the internet for IoT devices that run on the ARC processor, which runs a stripped-down version of the Linux operating system. These devices can be anything from baby monitors, network routers, medical devices, home appliances, smoke detectors and CC cameras to vehicles. If it finds an open Telnet port where the default username and password combination has not been changed, Mirai will try to infect the device by brute-forcing the login using different combinations of default credentials.

Once it has successfully logged in, Mirai sends the victim IP and related credentials to a reporting server. After it has assessed the environment it’s running in and gathered the information it needs, it uses this information to download second-stage payloads and device-specific malware.
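
The Telnet default-credential brute forcing described above leaves a recognizable pattern in authentication logs. The following is an added detection example, not code from the original article or from Mirai: it flags sources that try several factory-default pairs in a short window and lists devices that still accept one. The log format, the `analyze` function, the credential pairs and all addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative factory-default pairs (constructed sample, not Mirai's actual list).
DEFAULT_PAIRS = {("admin", "admin"), ("root", "root"), ("admin", "password"), ("root", "12345")}

# Assumed honeypot-style Telnet auth log format, constructed for this example.
LINE_RE = re.compile(
    r"(?P<ts>\S+) telnet-auth src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"user=(?P<user>\S+) pass=(?P<pw>\S+) result=(?P<result>ok|fail)$"
)

SAMPLE_LOG = """\
2024-05-01T10:00:01 telnet-auth src=203.0.113.7 dst=192.0.2.10 user=root pass=root result=fail
2024-05-01T10:00:02 telnet-auth src=203.0.113.7 dst=192.0.2.10 user=admin pass=password result=fail
2024-05-01T10:00:04 telnet-auth src=203.0.113.7 dst=192.0.2.10 user=admin pass=admin result=ok
2024-05-01T10:00:09 telnet-auth src=203.0.113.7 dst=192.0.2.11 user=root pass=12345 result=fail
2024-05-01T10:05:00 telnet-auth src=198.51.100.4 dst=192.0.2.10 user=ops pass=Xk9-typo result=fail
2024-05-01T10:05:20 telnet-auth src=198.51.100.4 dst=192.0.2.10 user=ops pass=Xk9-typo2 result=fail
garbage line that should be skipped
"""

def analyze(log_text, window_s=60, min_pairs=3):
    """Return (sweepers, exposed): sources trying >= min_pairs distinct default
    pairs within window_s seconds, and devices where a default pair logged in."""
    window = timedelta(seconds=window_s)
    attempts = defaultdict(list)   # src -> [(timestamp, (user, password))]
    exposed = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # malformed line: ignore
        pair = (m["user"], m["pw"])
        if pair not in DEFAULT_PAIRS:
            continue               # e.g. an operator mistyping a real password
        attempts[m["src"]].append((datetime.fromisoformat(m["ts"]), pair))
        if m["result"] == "ok":
            exposed.add(m["dst"])  # device still accepts a factory default
    sweepers = set()
    for src, events in attempts.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_window = {p for t, p in events[i:] if t - start <= window}
            if len(in_window) >= min_pairs:
                sweepers.add(src)
                break
    return sweepers, exposed

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Any device that appears in the second set needs its credentials changed and Telnet disabled or filtered, regardless of whether the source was flagged as a sweeper.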