Mirai Malware: How to Protect Yourself from the Internet of Things (IoT Exploit)

Media Division | October 31, 2016

Analyst firm Gartner predicts that by 2020 over 26 billion devices will be connected to the internet. From our watches, phones, and televisions, to our coffee makers, refrigerators and washing machines – if the device can be connected, it’s likely that it will be in just a few short years.

The Internet of Things is, simply put, the connection of the internet to anything that can be plugged in and turned on. The more devices that are connected, the more they can communicate with one another, creating a more convenient life for the consumer. As these technology advancements become more prevalent in our everyday life, so do the potential threats that come with them.

Anyone who owns a computer is familiar with the threat of viruses and with the security software on the market to protect themselves and their information. Many of today’s internet-connected devices, though, such as smart televisions and home security systems, are still susceptible to being hacked due to their weak security.

Mirai is a form of malware that is currently preying specifically on smart IoT devices, which it uses to help carry out its attacks. Japanese for “future”, Mirai recently carried out a large-scale attack directed against internet performance management company Dyn. Using a Distributed Denial of Service, or DDoS, this attack brought down major websites including Amazon, Twitter, and Spotify on the morning of October 21st.

Investigative reporter and cybercrime journalist Brian Krebs was directly affected by the DDoS and weighed in on the inner workings of Mirai.

“The Botnet scans the internet for IoT systems that are protected by factory default or hard-coded usernames and passwords. Botnets can exploit weak security measures such as standard username and password combinations (i.e., admin, 1111) across devices. These systems are infected with malware, which directs them to a central control system, where they are prepared to launch an attack to take websites offline.”

According to telecommunications and internet service company Level 3 Communications, there are now over half a million Mirai-powered bots worldwide, with the highest concentration of hacked IoT devices in the United States, followed by Brazil and Colombia.

What Can I Do to Protect My Internet Connected Devices?

If your system has already been infected by a botnet like Mirai, the first step is to turn the device off and reboot it. This will clear your device of the malware, but due to the high frequency at which botnets scan the internet, simply turning it off and on again doesn’t protect it from future attacks.

Check to see if the default credentials are still in use on your device. If so, change them immediately. Be sure that your password is strong, and stay up-to-date with current software updates from the vendor.

Universal Plug and Play, or UPnP, is a default application pre-installed on routers that uses Internet and Web protocols to enable intelligent appliances and wireless devices to be plugged into a network and automatically know about one another.

UPnP poses a security issue because it can easily allow traffic to be forwarded into what looks like a trusted local network without the computer owner’s knowledge.

Geektogeek.com expanded on this issue: “UPnP doesn’t require any sort of authentication from the user. Any application from your computer can ask the router to forward a port over UPnP. You might assume that you’re secure as long as no malware is running on any local devices – but you’re probably wrong.”

UPnP has at times caused such concern in the cyber security community that in 2001 the FBI’s National Infrastructure Protection Center formally recommended that users disable UPnP on their routers due to a buffer overflow in Windows XP.

The instruction was later corrected once it was realized that the source of the problem was not in fact UPnP. Still, it is recommended that unless the user needs applications that require port forwarding, UPnP should be disabled for optimum security.
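An added example (not part of the original article) of checking what UPnP has already forwarded before deciding whether it can be disabled. It parses replies shaped like those of the standard GetGenericPortMappingEntry action on a router's WANIPConnection service and lists the enabled forwards the owner did not expect. The sample replies, addresses and the EXPECTED list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def make_reply(ext_port, proto, int_port, client, desc, enabled=1):
    """Build constructed sample data shaped like a GetGenericPortMappingEntry reply."""
    return f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext_port}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol><NewInternalPort>{int_port}</NewInternalPort>
<NewInternalClient>{client}</NewInternalClient><NewEnabled>{enabled}</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

# Constructed sample: addresses, ports and descriptions are made up.
SAMPLE_REPLIES = [
    make_reply(3074, "UDP", 3074, "192.168.1.20", "game console"),
    make_reply(8080, "TCP", 80, "192.168.1.50", "camera web ui"),
    make_reply(5000, "tcp", 5000, "192.168.1.60", ""),
    make_reply(2222, "TCP", 22, "192.168.1.70", "old nas", enabled=0),
]

# Assumption: forwards the owner knowingly relies on (external port, protocol, LAN host).
EXPECTED = {(3074, "UDP", "192.168.1.20")}

def parse_mapping(soap_xml):
    """Pull the mapping fields out of one reply, ignoring any XML namespace on the tags."""
    fields = {el.tag.rsplit("}", 1)[-1]: (el.text or "").strip()
              for el in ET.fromstring(soap_xml).iter()}
    return {
        "external_port": int(fields["NewExternalPort"]),
        "protocol": fields["NewProtocol"].upper(),
        "internal_client": fields["NewInternalClient"],
        "internal_port": int(fields["NewInternalPort"]),
        "enabled": fields["NewEnabled"] == "1",
        "description": fields["NewPortMappingDescription"] or "(none)",
    }

def audit(replies, expected=EXPECTED):
    """Return enabled forwards that are not on the owner's expected list."""
    mappings = [parse_mapping(r) for r in replies]
    return [m for m in mappings if m["enabled"] and
            (m["external_port"], m["protocol"], m["internal_client"]) not in expected]

if __name__ == "__main__":
    for m in audit(SAMPLE_REPLIES):
        print(f'{m["protocol"]} {m["external_port"]} -> {m["internal_client"]}:'
              f'{m["internal_port"]}  {m["description"]}')
```

A forward with no description and no matching entry on the expected list is the kind of port opened without the owner's knowledge that the passage above describes.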

As experts only begin to scratch the surface of the complexity of the Mirai threat, it should serve as a reminder that this type of malware can infect anyone’s devices that are under minimal security.

To better ensure your own safety from an attack, research any device before purchasing and plugging in, and always take maximum security measures before allowing your connected devices to communicate inside and outside the home.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.