How will Mirai emerge in 2017?

Chris Brown, Vice President, EMEA And APAC, Digital Shadows | Jan. 26, 2017
As bad as this has been, could the worst be yet to come?

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

The world first became aware of Mirai when it unleashed a trail of havoc by apparently taking down Twitter, Netflix, and Amazon (amongst others) in October 2016. Descriptors from sections of the press ranged from 'digital nuclear attack' to 'zombie apocalypse'. Since that time, threat actors have indicated that the number of infected devices has risen significantly, and it has been implicated in attacks on a Singapore telco (StarHub), on internet connectivity in Liberia, and even on the home routers of customers at a UK broadband provider. As bad as this has been, could the worst be yet to come?

But what does this mean for organisations in 2017 and beyond?

Well, organisations should ask how prepared they are to combat the threat from DDoS and Mirai-based attacks, and think laterally to consider how their customers could become targets too. How would they advise them should that become the case? Of course, the threat from Mirai itself could peter out and its variants may lack capability. However, DDoS itself shows no sign of disappearing as a weapon in the kitbag of both cybercriminals and hacktivists, so it's important for organisations to get their policies and procedures in place.

A timeline of Mirai activity, from August to December.

Mirai means 'the future'
The translation of 'Mirai' from Japanese is 'the future'. Perhaps its maker harboured greater ambitions, or perhaps it was meant to signal a new era in cybersecurity. Either way, the public release of Mirai's source code has made launching large-scale DDoS attacks easier.

Although a certain level of technical capability is required to install and operate Mirai, it has the potential to act as a force multiplier for a range of actors engaging in DDoS attacks, including hacktivists, extortionists, and politically inspired actors.

Yet history tells us that not all malware variants developed from published source code are successful, and not all of them will become prominent. A good example of this evolutionary phase occurred in 2015, when the source code for the 'Hidden Tear' ransomware was published online and made available for anyone who cared to use it.

While the code was used in numerous new variants, many contained serious problems. One such variant, 'Cryptear', was discovered in January 2016 and was all but unusable because its encryption routine was easily overcome by researchers.

Nuts and bolts are there for new variants
However, published source code does provide access to the nuts and bolts of functioning malware that can be modified or improved to create new variants. When combined with the appropriate resourcing and capability, it has the potential to lead to the emergence of a handful of prominent malware variants.
