Three men have pleaded guilty to creating and using Mirai malware to launch distributed denial-of-service (DDoS) attacks on several large internet companies last year. The men will be sentenced next year and face up to five years in prison and $250,000 in fines, according to Dark Reading.
In a plea agreement, Paras Jha and Josiah White said they created the Mirai malware in conjunction with Dalton Norman, Dark Reading reported. Together, the Mirai co-authors used the malware to build a botnet of infected devices.
The Mirai co-authors infected roughly 300,000 Internet of Things (IoT) devices globally in 2016, Dark Reading indicated. They also exploited both previously known and unknown vulnerabilities as part of their DDoS attacks.
Mirai Botnet: Here's What You Need to Know
The Mirai botnet is a DDoS attack network comprised of infected home routers, web-connected security cameras and other IoT devices. It was used to launch DDoS attacks against a victim's IP addresses, and at times, generated DDoS traffic in excess of 1 Tbps.
The first details about Mirai emerged after a DDoS attack that reached 620 Gbps was launched against KrebsonSecurity on Sept. 20, 2016. Ten days later, the Mirai source code was publicly released via hacking community Hack Forums by a user with the screen name "Anna-senpai."
Mirai later was used to launch a DDoS attack against French hosting company OVH; this attack reached 1 Tbps. It also was leveraged as part of a DDoS attack against domain name service (DNS) product suite company Dyn in October 2016; this attack included up to 100,000 malicious endpoints, according to Dyn.
Why Should MSSPs Offer IoT Security Services?
Poor security on IoT devices often makes them soft targets for cyberattackers. Fortunately, MSSPs can offer IoT security services to help customers reduce the risk of breaches due to botnets and other cyber threats.
Meanwhile, MSSPs that enter the IoT security market now may be better equipped than ever before to capitalize on a rapidly growing sector.
The global IoT security market is projected to expand at a 34.4 percent compound annual growth rate (CAGR) between 2017 and 2022, market research firm MarketsandMarkets said in a prepared statement. Furthermore, MarketsandMarkets has predicted the global IoT security market could be worth approximately $29 billion by 2022.