mirai


Today, Fortinet released our quarterly Threat Landscape Report for Q4 of 2016. The data in it was drawn from millions of security devices located around the world that analyze up to 50 billion threats a day. Which means that the conclusions and trends detailed in this report are based on over a trillion security events that occurred between Oct 1 and Dec 31, 2016. [Read More]
by RSS Derek Manky  |  Mar 28, 2017  |  Filed in: Security Research
Digital Video Recorders / Network Video Recorders (DVR/NVR) Back in 2015, our telemetry detected a relatively small number of IPS signature hits on known vulnerabilities targeting DVR/NVR devices (~ 749 hits). In 2016, however, we saw this number increase alarmingly to around 1.5 million hits. By using a size comparison chart again, we can see the huge increase more clearly when we compare both years, as shown below: The question, of course, is what contributed to this huge increase in detected hits? Once again, let’s look at the... [Read More]
by RSS Gavin Chow  |  Mar 24, 2017  |  Filed in: Security Research
Attacks targeting and originating from IoT devices began grabbing news headlines toward the last quarter of 2016. Insecure IoT devices became the low-hanging fruit for threat actors to easily exploit. Some were even notoriously used as botnets to launch DDoS attacks against selected targets. For example, the infamous Mirai botnet exploited weak login vulnerabilities in insecure IoT devices such as IP cameras and home routers, and was responsible for one of the largest known DDoS attacks to date. Besides being used in DDoS attacks, exploited IoT... [Read More]
by RSS Gavin Chow  |  Mar 06, 2017  |  Filed in: Security Research
A few days ago, a variant of Mirai hit a German telco, forcing 900,000 customers off the Internet. The FortiGuard team has issued an AV signature for it, named Linux/Mirai.B!worm. Several binaries were found in the wild for different architectures. I'll examine the one for ARM here, as that's the architecture I'm the most familiar with. A look at the strings in the binary reveals the following: [Read More]
by RSS Axelle Apvrille  |  Dec 08, 2016  |  Filed in: Security Research
A well-known aspect of criminals in any space is that they are unpredictable. They look for holes and vulnerabilities in systems and try to use them to their advantage. Security systems, therefore, have to be architected in a way that assumes attack unpredictability. A new threat emerging on the horizon is called BlackNurse DDoS attack. Fortinet protects organizations against this content based protection, with the IPS signature  "BlackNurse.ICMP.Type.3.Code.3.Flood.DoS", as well as with behavior-based protection through our FortiDDoS... [Read More]
by RSS Hemant Jain  |  Nov 14, 2016  |  Filed in: Industry Trends & News
Ever since the Mirai DDoS attack was launched a few weeks ago, we have received a number of questions that I will try to answer here. If you have more follow-up questions, please let me know! Who is the Author of Mirai? The presumed developer goes under the pseudonym of 'Anna Senpai' on Hackforums - an English-speaking hacker forum. His/her account on the forum is recent (July 2016). and was probably created when he/she started working on Mirai. For example: July 10 - Begins "killing QBots" August... [Read More]
by RSS Axelle Apvrille  |  Oct 31, 2016  |  Filed in: Industry Trends & News
As further details become available for the massive distributed denial of service attack against Dyn on Oct 21 2016, here are some things FortiDDoS customers can do to protect themselves from a potential Internet of Things (IoT) botnet-based DDoS attack like Mirai. Mirai spreads by compromising vulnerable IoT devices such as DVRs. Many IoT manufacturers failed to secure these devices properly, and they don't include the memory and processing necessary to be updated. They are also usually not in control of the destination of their outbound... [Read More]
by RSS Hemant Jain  |  Oct 24, 2016  |  Filed in: Industry Trends & News
It happened again. This past weekend we witnessed another record-setting DDoS attack, probably primarily caused by infected IoT devices. This attack is attributed to the same piece of code - Linux/Mirai - which attacked KrebsOnSecurity.com and OVH in September. List of Attacks Attributed to Linux/Mirai Date Where Rate Comments Oct 21, 2016 Dyn DNS ? Some of the attacks were coming from hosts infected... [Read More]
by RSS Axelle Apvrille  |  Oct 24, 2016  |  Filed in: Security Research