IoT Security Hardening: Mirai and Reaper Botnet, Turf Warfare and Malware Analysis
The Mirai botnet, powered primarily by IoT devices, was responsible for DDoS attacks on several high-profile targets in 2016-2017, serving as a wake-up call to IoT manufacturers and security professionals to raise the baseline security of IoT devices. Since its open-source release, Mirai’s source code has fuelled the almost exponential development of other botnet variants such as IoT_reaper, Hajime and BrickerBot.

Background – Incident Timeline

Named ‘Mirai’ – meaning ‘for future’ in Japanese – the botnet was first identified in August 2016 by the security research group ‘MalwareMustDie’. Soon after, Mirai would become known as the vehicle for some of the most effective DDoS attacks in history, scanning for and attacking vulnerable IoT devices with a short list of 62 default usernames and passwords. In September 2016, KrebsOnSecurity was hit by a DDoS attack of 620 Gbps of traffic driven by Mirai. In parallel with this attack, the French web host and cloud service provider OVH was a