Intermittent DDoS attacks by one of the largest Mirai-powered botnets against the African nation of Liberia ended yesterday. Could this be a warning of a bigger attack yet to come?
Researcher Kevin Beaumont identified the unusual attack on Thursday and reported that the registrar eNOM has disabled the domain used to administer the attackers’ command-and-control (C&C) infrastructure; that domain predates the DDoS attacks on DynDNS.
Although the attacks against Liberia have ceased, they did interrupt the internet service of the entire country, and one of the mobile service providers told the IDG News Service that the DDoS attacks were ‘killing’ its business and revenues.
Beaumont, a security architect at a private U.K. company, said that Liberia has only one undersea cable serving Internet connectivity to the entire country, with a capacity of just 5.12 Tbps. The cable lies 6,000 meters below sea level and provides Internet connectivity to more than 23 countries across Africa and Europe.
He said that the botnet was capable of generating 500 Gbps of traffic, which made it among the largest attacks ever to go on public record. The researcher believes that this was just a test of DDoS attack capability before a full-fledged attack against a nation.
He told Kaspersky Lab, “The attacks were short in duration, done in different ways against the same targets over a prolonged period, and against a nation which has some unusual characteristics – small, low profile, low percentage of Internet use per head.”
On Thursday, the attackers pointed, in their botnet DDoS attack, to the botnet monitoring service MalwareTech, which was tracking their activities, and mentioned Beaumont in a threat: ‘Kevin lies in fear.’
Beaumont said that he believes the attackers were trying to silence security researchers.
Mirai is malware that scans for and compromises Internet-connected devices with inadequate security, such as IP-enabled cameras and DVRs. After the leak of the malware’s source code in October, many threat actors have adapted the Mirai malware and taken advantage of it to compromise IoT devices for botnet (a large group of connected devices) attacks.
Two weeks ago, DNS services provider Dyn experienced two DDoS attacks that not only affected high-profile services using DynDNS, such as Netflix, Twitter, and others, but also slowed down Internet service across the U.S. East Coast. The same Mirai malware was used against the web hosting service OVH; according to researchers, both attacks were larger than the DDoS attacks against Liberia.
Beaumont told Kaspersky Lab, “Mirai malware powered devices make up lots of different botnets. Threat actors ‘own’ a device and recruit it into their botnet,” adding, “The largest of the tracked Mirai botnets is this one.”
Beaumont said that the last C&C server controlling the botnet had a Ukraine IP address, although, as a note of caution, this could be an attempt at misdirection; the attack also happened at certain times during the day.
With all eyes on the upcoming U.S. presidential election on Tuesday, security experts are concerned about hacking attempts to interfere with voting. NBC News reported yesterday that intelligence agencies and law enforcement are carrying out a coordinated effort to counter any attempt to sway voters through social media or worse attacks.
According to NBC, one Obama administration official said, “We need to be prepared on every front, not just technical but messaging, and so on, because any reporting irregularity could be incredibly disruptive.” “They can cause tremendous chaos, and by the time we can attribute, the damage may have already been done.”