Following a large-scale DDoS (distributed denial of service) attack targeted at Brian Krebs’ security blog at krebsonsecurity.com, US-CERT (United States Computer Emergency Readiness Team) is warning of heightened DDoS threats on the web.
A DDoS attack, at its core, is the act of overwhelming a website or service by flooding a server (or servers) with an incredibly high volume of requests. In the case of the attack noted above, Krebs’ blog was flooded with requests exceeding 620 gigabits per second — the highest recorded.
DDoS attacks are generally perpetrated by computers/servers that have been compromised with malicious software (malware). When combined, these compromised systems form what is referred to as a botnet, and can easily flood servers with requests that can deny access and make it appear as if the website/service is down.
The US-CERT alert, issued last week, notes that one such malware infection is called ‘Mirai’. According to US-CERT:
The Mirai malware continuously scans the Internet for vulnerable IoT devices, which are then infected and used in botnet attacks. The Mirai bot uses a short list of 62 common default usernames and passwords to scan for vulnerable devices. Because many IoT devices are unsecured or weakly secured, this short dictionary allows the bot to access hundreds of thousands of devices. The purported Mirai author claimed that over 380,000 IoT devices were enslaved by the Mirai malware in the attack on Krebs’ website.
US-CERT has provided a list of instructions on mitigating the threat of Mirai specifically here. In addition, an in-depth list of preventative steps has been provided (which are great for network security in general).
Home and business users should frequently scan their computers for malware and ensure their anti-malware definitions are up to date. In addition, users should back up their data as frequently as possible to prevent data loss.