'I’m Afraid, Dave' - Global Havoc-Causing Mirai Malware Evolves, Adapts

Mirai (from a Japanese word meaning ‘the future') is a type of malware that not only hijacks ‘zombie' computers, but also finds Internet of Things (IoT) devices (‘smart' appliances able to transmit data over a network using embedded sensors) and conscripts them into a botnet to launch crippling distributed denial of service (DDoS) attacks.

A recent large-scale attack on internet-backbone company Dyn was attributed to the implementation of Mirai, and caused outages at major sites including Twitter, Reddit and Spotify. Hackers releasing personalized versions of Mirai disrupted internet service for more than 900,000 Deutsche Telecom customers in Germany, and infected as many as 2,400 TalkTalk routers in the UK. This week, SEC Consult found a backdoor in 80 different Sony camera models, making them vulnerable to the malware.

Things got worse after the hacker responsible for creating Mirai released its  source code in September, effectively letting anyone build their own attack army using the malware.

"It's accelerating because there's a wide-open, unprotected landscape that people can go to," said Chris Carlson, vice president of product management at Qualys. "It's a gold rush to capture these devices for botnets."

While the technology behind the botnet is not new, it's implementation is unique, as Mirai has proven itself to be remarkably adaptive, allowing hackers to add new features and distribute updated versions. As a result, more IoT devices can be added to a zombie botnet, increasing its utility.

What also makes Marai particularly difficult to control is that while users promptly notice the effects of malware on desktop computers, IoT devices, including routers, are meant to function with minimal human interaction, making botnets created with Mirai less detectable.

"There was an idea that maybe the bots would die off or darken over time, but I think what we are seeing is Mirai evolve," said John Costello, a senior analyst at the security intelligence firm Flashpoint, cited by Wired. "People are really being creative and finding new ways to infect devices that weren't susceptible previously. Mirai is not going away."