- Threat Intelligence
- Someone is Using Mirai Botnet to Shut Down Internet for an Entire Country
Someone is Using Mirai Botnet to Shut Down Internet for an Entire Country
- Source:Sangfor Security Center
- Date Published:2016-11-10
We have published an updated article on what really happened behind the alleged DDoS attack against Liberia using Mirai botnet.
Someone is trying to take down the whole Internet of a country, and partially succeeded, by launching massive distributed denial-of-service (DDoS) attacks using a botnet of insecure IoT devices infected by the Mirai malware.
It all started early October when a cyber criminal publicly released the source code of Mirai – a piece of nasty IoT malware designed to scan for insecure IoT devices and enslaves them into a botnet network, which is then used to launch DDoS attacks.
Just two weeks ago, the Mirai IoT Botnet caused vast internet outage by launching massive DDoS attacks against DNS provider Dyn, and later it turns out that just 100,000 infected-IoT devices participated in the attacks.
Experts believe that the future DDoS attack could reach 10 Tbps, which is enough to take down the whole Internet in any nation state.
One such incident is happening from past one week where hackers are trying to take down the entire Internet of Liberia, a small African country, using another Mirai IoT botnet known as Botnet 14.
Security researcher Kevin Beaumont has noticed that Botnet 14 has begun launching DDoS attacks against the networks of "Lonestar Cell MTN ", the telecommunication company which provides the Internet to 10-15% of Liberia via a single entry point from undersea fiber cable.
"From monitoring, we can see websites hosted in country going offline during the attacks — Additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack," Beaumont said in a blog post published today.
According to Beaumont, transit providers confirm that the attacks were over 500 Gbps in size, but last for a short period. This volume of traffic indicates that the "Shadows Kill" Botnet, as the researcher called it, is "owned by the actor which attacked Dyn."
Why Taking Down Liberia's Internet Is easy?
Over a decade of civil war in Liberia destroyed the country's telecommunications infrastructure, and at that time a very small portion of citizens in Liberia had access to the internet via satellite communication.
However, some progress were made later in 2011 when a 17,000 km Africa Coast to Europe (ACE) submarine fiber-optic cable was deployed from France to Cape Town, via the west coast of Africa.
The ACE fiber cable, at depths close to 6,000 meters below sea level, eventually provides broadband connectivity to more 23 countries in Europe and Africa.
What's shocking? The total capacity of this cable is just 5.12 Tbps, which is shared between all of the 23 countries.
Since massive DDoS attack against DynDNS used a Mirai botnet of just 100,000 hacked IoT devices to close down the Internet for millions of users, one can imagine the capability of more than 1 Million hacked IoT devices, which is currently in control of the Mirai malware and enough to severely impact systems in any nation state.
This is extremely worrying because, with this capacity, not just Liberia, an attacker could disrupt the Internet services in all 23 countries in Europe and Africa, which relies on the ACE fiber cable for their internet connectivity.
The root cause? More insecure, vulnerable IoT devices, more Mirai bots.
So, in order to protect yourself, you need to be more vigilant about the security of your smart devices because they are dumber than one can ever be.