Content, Network Security, Breach

Mirai Malware Authors Plead Guilty to DDoS Botnet Attacks

Three men have pleaded guilty to creating and using Mirai malware to launch distributed denial-of-service (DDoS) attacks on several large internet companies last year. The men will be sentenced next year and face up to five years in prison and $250,000 in fines, according to Dark Reading.

In a plea agreement, Paras Jha and Josiah White said they created the Mirai malware in conjunction with Dalton Norman, Dark Reading reported. Together, the Mirai co-authors used the malware to build a botnet of infected devices.

The Mirai co-authors infected roughly 300,000 Internet of Things (IoT) devices globally in 2016, Dark Reading indicated. They also exploited both previously known and unknown vulnerabilities as part of their DDoS attacks.

Mirai Botnet: Here's What You Need to Know

The Mirai botnet is a DDoS attack network comprised of infected home routers, web-connected security cameras and other IoT devices. It was used to launch DDoS attacks against a victim's IP addresses, and at times, generated DDoS traffic in excess of 1 Tbps.

The first details about Mirai emerged after a DDoS attack that reached 620 Gbps was launched against KrebsonSecurity on Sept. 20, 2016. Ten days later, the Mirai source code was publicly released via hacking community Hack Forums by a user with the screen name "Anna-senpai."

Mirai later was used to launch a DDoS attack against French hosting company OVH; this attack reached 1 Tbps. It also was leveraged as part of a DDoS attack against domain name service (DNS) product suite company Dyn in October 2016; this attack included up to 100,000 malicious endpoints, according to Dyn.

Why Should MSSPs Offer IoT Security Services?

Poor security on IoT devices often makes them soft targets for cyberattackers. Fortunately, MSSPs can offer IoT security services to help customers reduce the risk of breaches due to botnets and other cyber threats.

Meanwhile, MSSPs that enter the IoT security market now may be better equipped than ever before to capitalize on a rapidly growing sector.

The global IoT security market is projected to expand at a 34.4 percent compound annual growth rate (CAGR) between 2017 and 2022, market research firm MarketsandMarkets said in a prepared statement. Furthermore, MarketsandMarkets has predicted the global IoT security market could be worth approximately $29 billion by 2022.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.