Intermittent DDoS attacks against Liberia, the African nation, by one of the largest Mirai-powered botnets ended yesterday. Could this be a warning of a bigger attack yet to come?
Researcher Kevin Beaumont identified the unusual attack on Thursday and reported that the registrar eNOM has disabled the domain administering the attacker’s C&C (Command and Control) infrastructure; that domain predates the DDoS attacks on DynDNS.
Although the attacks against Liberia have ceased, they did interrupt the internet service of the entire country, and one of the mobile service providers told the IDG News Service that the DDoS attacks were ‘killing’ its business and revenues.
Kevin Beaumont, the security architect at a private U.K. company, said that Liberia has only one undersea cable servicing Internet connectivity for the entire country, with a capacity of just 5.12 Tbps. The cable is 6,000 meters below sea level and provides internet connectivity to more than 23 countries across Africa and Europe.
He said that the botnet was capable of generating 500 Gbps of traffic, which made it among the largest attacks ever to go on public record. The researcher believes that this was just a test of DDoS attack capability before a full-fledged attack against a nation.
He told Kaspersky Lab, “The attacks were short in duration, done in different ways against the same targets over a prolonged period, and against a nation which has some unusual characteristics – small, low profile, low percentage of Internet use per head.”
On Thursday, while the botnet’s activity was being monitored, the attackers pointed their DDoS attack at MalwareTech, the botnet monitoring service tracking their activities, and mentioned Beaumont in a threat: ‘Kevin lies in fear.’
Beaumont said that he believes the attackers were trying to silence security researchers.
Mirai is malware that scans for and compromises Internet-connected devices with inadequate security, such as IP-enabled cameras and DVRs. Since the malware’s source code leaked in October, many threat actors have adopted Mirai and used it to compromise IoT devices for botnet (a large group of connected devices) attacks.
Two weeks ago, DNS services provider Dyn experienced two DDoS attacks that not only affected high-profile services using DynDNS, such as Netflix, Twitter, and others, but also slowed down Internet service across the U.S. East Coast. The same Mirai malware was used against the web hosting service OVH; according to researchers, both attacks are larger than the DDoS attacks against Liberia.
Beaumont told Kaspersky Lab, “Mirai malware powered devices make up lots of different botnets. Threat actors ‘own’ a device and recruit it into their botnet.” He added, “The largest of the tracked Mirai botnets is this one.”
Beaumont said that the last C&C server controlling the botnet had a Ukraine IP address but, to be cautious, noted that this could be an attempt at misdirection; he also said the attacks happened at certain times during the day.
With all eyes on the upcoming U.S. presidential election on Tuesday, security experts are concerned about hacking attempts to interfere with voters casting their votes. One media channel, NBC News, reported yesterday that intelligence agencies and law enforcement are carrying out a coordinated effort to counter any attempt to sway voters through social media or worse attacks.
According to NBC, one Obama administration official said, “We need to be prepared on every front, not just technical but messaging, and so on, because any reporting irregularity could be incredibly disruptive.” The official added, “They can cause tremendous chaos, and by the time we can attribute, the damage may have already been done.”
About the Author
Peter Buttler is an Infosec Journalist and Tech Reporter and a Member of IDG Network. In 2011, he completed a Masters in Cybersecurity and technology. He has worked for leading security and tech giants as a Staff Writer. Currently, he contributes to a number of online publications, including The Next Web, CSO Online, Infosecurity Mag, SC Magazine, Tripwire, GlobalSign CSO Australia, etc. His favorite areas are Online Privacy, AI, IoT, VR, Blockchain, Big Data, ML, Fintech, etc. You can follow him on Twitter.