State of the Internet: Mirai, IOT and History of Botnets

State of the Internet: Mirai, IOT & History of Botnets

Ashvini Singhal, Head - Security Operations Center, Akamai

©2015 AKAMAI | FASTER FORWARDTMAkamai Confidential

Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection.

Internet- Threat Lanscape


DDoS Attack Trends


What Comes to Mind When your Hear the Word?

BotNet


DDoSMalware

Service DisruptionSomething “Bad”


A group of internet-connected devices controlled by a central system

What does a BotNet Really Mean?


Lee Enfield No.4 Mk2

Firepower - Then


Firepower - NOW


What made it so EASY?


IOT – Internet of Things


Large Attacks – Q3 2016


Large Attacks – Q4 2016


Botnet Attacks


Mirai- Botnet


Mirai (Japanese for “The Future”)

What is Mirai?

This tool achieved particular notoriety for its specific targeting of IoT devices, such as IP cameras, WiFi-connected refrigerators, unsecured home routers, etc.


3 Typical Attack Targets:

• Datacenter routing• DNS• Application

Problem is, if any of the 3 are taken out, the entire enterprise is taken out

Unlike many Attack Bots, Mirai can be very specifically aimed at all 3 targets with great accuracy

Mirai Baseline


Mirai – Attack Vector


Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.

Command and Control

Report server

Infection server

Manually Infected IoT Device

Component's of the Mirai Bot Net


Life Form



1.1.1.1 admin admin✓

1.1.1.1 admin admin ✓

The IoT Bot scans the internet for other devices and test default username and password combos Successful results are sent to the Report server. Report server sends results to the Infection server to infect new bot. Bots come online and connect to the C2 for instructs and maintain heartbeatBots come online and connect to the C2 for instructs and maintain heartbeat and restarts processes.

C2

Report

Infection

Basic Anatomy IoT infection


Mirai – Scanning


Mirai Attack – DNS Variant


Mirai Attack – Broad Spectrum Attack


What Can You Do?

Phase 1 • Strict access controls on your firewall(Datacenter, Web and DNS)

Phase 2 • Loosen your Phase I controls to bring secondary services back online

Phase 3 • Bring all services back online

KNOW YOUR ENVIRONMENT



A Pervasive Platform:

• Every major city• Every major network• One network hop away from 95% users

Accelerating:• 5 of the top 5 high tech firms• 3 of the top 3 stock exchanges• 5 of the top 5 M&E firms• 5 of the top 5 ecommerce firms

Akamai has 400+ customers in India, including the who’s who of the Indian Enterprise!

Akamai in India



216,000+ servers1,500+ networks

650+ cities120+ countries

A GLOBAL PLATFORM

All top 60 eCommerce sitesAll top 30 M&E companies

All branches of the U.S. militaryAll top 10 banks

DELIVERING 13+ MILLION HOSTNAMES

40+ million hits per second2+ trillion deliveries per day

30+ terabits per second

ACCELERATING DAILY TRAFFIC OF

Akamai Today

Delivering 15-30+% of All Web Traffic



Thank You!

Technology

State of the Internet: Mirai, IOT and History of Botnets