ITEM: The Mirai malware that has been plaguing everyone from Brian Krebs and StarHub to Deutsche Telekom is so ubiquitous that Mirai botnets are reportedly now available for rent.
According to Bleeping Computer, two hackers are renting access to a massive Mirai botnet comprising more than 400,000 infected bots, ready to initiate DDoS attacks for anyone who wants to pay the rental fee.
A Flashpoint report says that multiple Mirai botnets have popped up all over the internet after the creator of Mirai released it as open-source malware. According to security researchers 2sec4u and MalwareTech, who have been tracking the botnets, most botnets are pretty small, but they’ve found one that is strikingly large in scale, Bleeping Computer reports:
“You can see when they [massive botnet operators] launch DDoS attacks because the graph on my tracker drops by more than half,” MalwareTech told Bleeping Computer. “They have more bots than all the other Mirai botnets put together.”
Last week, two hackers launched a spam email campaign advertising a “DDoS-for-hire” service built on a Mirai botnet of 400,000 infected devices – which would be twice the size of the original Mirai botnet.
It’s unclear if that’s the same botnet spotted by 2sec4u and MalwareTech, or whether the service works as advertised (or works at all). However, the two hackers reportedly have pretty high credentials in the hacker community.
The business model is interesting: customers must rent for a minimum period of two weeks, but they can choose bot quantity, attack duration and cooldown time (the period between consecutive DDoS attacks). Basically, the more bots and the longer the attack duration, the more money you have to pay:
Popopret provided an example: “price for 50,000 bots with attack duration of 3600 secs (1 hour) and 5-10 minute cooldown time is approx 3-4k per 2 weeks.” As you can see, this is no cheap service.
You know you’ve reached some kind of tipping point in the network security wars when hackers start their own DDoS-as-a-service business.
And it’s not going to get any better for some time. On Tuesday, Intel Security released its McAfee Labs 2017 Threats Predictions Report, which identifies critical developments to watch for in cloud security and IoT security, and lists 14 threat trends to watch in 2017.
Here they are:
- Ransomware attacks will decrease in volume and effectiveness in the second half of 2017.
- Windows vulnerability exploits will continue to decline, while those targeting infrastructure software and virtualization software will increase.
- Hardware and firmware will be increasingly targeted by sophisticated attackers.
- Hackers using software running on laptops will attempt “dronejackings” for a variety of criminal or hacktivist purposes.
- Mobile attacks will combine mobile device locks with credential theft, allowing cyber thieves to access such things as bank accounts and credit cards.
- IoT malware will open backdoors into the connected home that could go undetected for years.
- Machine learning will accelerate the proliferation of and increase the sophistication of social engineering attacks.
- Fake ads and purchased “likes” will continue to proliferate and erode trust.
- Ad wars will escalate and new techniques used by advertisers to deliver ads will be copied by attackers to boost malware delivery capabilities.
- Hacktivists will play an important role in exposing privacy issues.
- Leveraging increased cooperation between law enforcement and industry, law enforcement takedown operations will put a dent in cybercrime.
- Threat intelligence sharing will make great developmental strides in 2017.
- Cyber espionage will become as common in the private sector and criminal underworld as it is among nation-states.
- Physical and cybersecurity industry players will collaborate to harden products against digital threats.
Good times, eh Jim?