Take a similar example - the use of the leaked Gozi banking Trojan source code to develop the GozNym banking Trojan. In this instance, developers took the web-inject module of Gozi and combined it with that of the Nymaim Trojan. As of April 2016, GozNym had reportedly resulted in the theft of $4 million.
One reason Mirai is so malicious is its capability to create botnets from a range of specialist internet-enabled devices. Many of these Internet of Things devices, such as automatic number plate recognition systems, TV set boxes, mobile devices, modems and home routers, are inherently insecure, difficult to retrofit with adequate security and relatively easy to compromise via research of default manufacturer passwords. This makes Mirai more potent, and many criminal groups are well resourced with the means and motivation to continually develop their 'product' and take it to market.
The emergence of 'crowdfunded extortion' post Mirai
We are already seeing instances of new business models emerging since Mirai. On November 22, 2016, the US-based web hosting and building service Squarespace was hit by two DDoS attacks that affected customers for over nine hours - taking down many of the small ecommerce shops which depend on its service.
Twitter accounts responded to statements by Squarespace, claiming to be a previously known threat actor called "vimproducts", which has advertised DDoS services on the AlphaBay dark web marketplace. These accounts claimed responsibility for the DDoS attacks and attempted to extort Squarespace for up to $2,000 USD. In one post on Pastebin, the author described this as a 'crowdfunded extortion'.
While there was no evidence of a ransom being paid, the targeting of organisations' customers is a worrying trend. It's also not too much of a leap to imagine how this could potentially evolve - for example, major gaming networks have been the targets of DDoS many times before. It might be that the players themselves become targets and are asked to 'pay up' lest their game time be interrupted.
Planning ahead in 2017
There are many scenarios that could emerge in 2017 now that criminals are potentially empowered with a powerful new tool which they are only just beginning to understand. Organisations should ask how prepared they are to combat the threat from DDoS and Mirai-based attacks, and think laterally to consider how their customers could become targets too. How would they advise them should that become the case?
Of course, the threat from Mirai itself could peter out and its variants lack capability. However, DDoS itself shows no sign of disappearing as a weapon in the kitbag of both cybercriminals and hacktivists, so it's important for organisations to get their policies and procedures in place.