
IoT botnet used in DDoS attack on Liberia

Malicious attackers have used the freely available Mirai malware to launch a distributed denial of service attack on the small African nation of Liberia, a security researcher says.

UK-based network engineer Kevin Beaumont said the attacks had been going on for a week. As the country had just one Internet cable, installed in 2011, there was a single point of failure.

The Mirai malware has been used in a number of big attacks in the last two months. Around 100,000 Internet-of-Things devices were harnessed to attack Dynamic Networking Services, a major domain name services provider in the US, last month. Nobody has reliably measured the magnitude of this attack, but it made the headlines as it affected well-known websites like Twitter and Netflix.

The French hosting provider OVH was hit by a DDoS close to 1TBps, but this has largely been ignored by the mainstream tech media, probably because it happened in a European country.

Much more publicity has been given to the attacks on the KrebsOnSecurity website, owned by security writer Brian Krebs, though these attacks peaked at 665GBps.

Beaumont said that the attacks on Liberia appeared to be more of a test than anything else. The Mirai botnet used was one of the larger ones, and appeared to be capable of generating attacks up to 500GBps.

All the attacks on this African country had been of short duration, Beaumont said, leading to the conclusion again that they were meant to test out the efficacy of a method of attack, rather than actually cause an economic or other impact.

A website, MalwareTech.com, has set up a Twitter account with the handle MiraiAttacks to track attacks by the malware.

The site said it was monitoring the ongoing events by deploying "around 500 custom telnet servers designed to emulate vulnerable IoT devices; our code will simulate a real telnet server and await a command specific to the Mirai malware before passing the IP address to our database.

"Due to the fact (that) Mirai self-propagates by scanning the entire Internet (with the exception of a few reserved ranges), we are able to see every scanning bot as soon as it hits one of our 500 IP addresses.

"Unfortunately, scanning the entire Internet takes quite a while when you’re using an IoT device with the processing power of a pocket calculator, which is why we made the decision to deploy hundreds of telnet servers to increase the rate of mapping, rather than just running a few for a couple of months."

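The honeypot logic described in the quote, as an added sketch that is not MalwareTech's code: an emulated telnet login that records a source IP only after it sees a Mirai-specific command. It assumes that command is the `/bin/busybox MIRAI` probe from the publicly released Mirai scanner source; the class and function names and the sample sessions are constructed for illustration.

```python
import re

# Assumption (not from the article): the "command specific to the Mirai
# malware" is the post-login probe in the publicly released scanner source.
MIRAI_PROBE = re.compile(rb"/bin/busybox\s+MIRAI\b")

class FakeTelnetSession:
    """One emulated telnet login as a state machine; no real network I/O."""

    def __init__(self, src_ip):
        self.src_ip = src_ip
        self.state = "user"
        self.credentials = []   # what the client tried, kept for analysis
        self.is_mirai = False

    def feed(self, line):
        """Consume one client line and return the bytes to send back."""
        line = line.strip(b"\r\n\x00 ")
        if self.state == "user":
            self.credentials.append(line)
            self.state = "pass"
            return b"Password: "
        if self.state == "pass":
            self.credentials.append(line)
            self.state = "shell"  # accept anything, like a default-password device
            return b"# "
        if MIRAI_PROBE.search(line):
            self.is_mirai = True  # only now is the source IP worth recording
            return b"MIRAI: applet not found\r\n# "
        return b"# "

def map_bots(sessions):
    """Return the set of source IPs whose session contained the probe."""
    bots = set()
    for src_ip, lines in sessions:
        session = FakeTelnetSession(src_ip)
        for line in lines:
            session.feed(line)
        if session.is_mirai:
            bots.add(src_ip)
    return bots

# Constructed sample sessions (documentation address ranges, made-up input).
SAMPLE_SESSIONS = [
    ("192.0.2.10", [b"root\r\n", b"admin\r\n", b"enable\r\n", b"sh\r\n",
                    b"/bin/busybox MIRAI\r\n"]),
    ("198.51.100.7", [b"admin\r\n", b"admin\r\n", b"busybox ls\r\n"]),
    ("203.0.113.5", [b"/bin/busybox MIRAI\r\n"]),  # probe typed at login prompt
]

if __name__ == "__main__":
    print(sorted(map_bots(SAMPLE_SESSIONS)))
```

Waiting for the probe rather than logging every connection keeps ordinary telnet scanners and manual logins out of the bot list.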



Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.