Mirai Botnet

 
Maneth Balasooriya and Jacob Gottschalk
 
Overview
 
Distributed Denial-of-Service attack via IoT device botnet
ARC processor Linux devices: IP cameras, DVRs, etc.
 
Origin
 
Minecraft server protection racket
Source code posted on GitHub
 
Major Incidents
 
KrebsOnSecurity
OVH
Dyn
 
Method
 
Replication Module and Attack Module
Brute force login to IoT device
Originally 64 common / manufacturer-specified login credentials
SYN/ACK/GRE/HTTP flood
 
Infrastructure
 
[Diagram labels: Command & Control, Report Server, Loader, Bot Net, IoT Victim, DDoS Victim, Attack Module, Replication Module]
 
Mitigation and Defense
 
Eliminate default credentials
Auto-patching
Limit login attempts
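
One way to implement the "limit login attempts" mitigation, as an added example that is not from the original slides: a per-source sliding-window throttle replayed over constructed login events. The class name, thresholds and sample addresses are assumptions.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Per-source sliding-window limiter for a device login service."""
    def __init__(self, max_failures=5, window=60, lockout=300):
        self.max_failures = max_failures    # assumed threshold
        self.window = window                # seconds over which failures count
        self.lockout = lockout              # seconds a source stays blocked
        self.failures = defaultdict(deque)  # src -> timestamps of failures
        self.blocked_until = {}             # src -> time the block ends

    def allow(self, src, now):
        """Call before checking credentials; False means refuse outright."""
        return now >= self.blocked_until.get(src, 0)

    def record(self, src, now, success):
        """Call after the credential check with its result."""
        q = self.failures[src]
        if success:
            q.clear()
            return
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()                     # drop failures outside the window
        if len(q) >= self.max_failures:
            self.blocked_until[src] = now + self.lockout
            q.clear()

def replay(events, throttle):
    """Replay (time, src, credentials_ok) tuples; return one outcome per event."""
    out = []
    for now, src, ok in events:
        if not throttle.allow(src, now):
            out.append("blocked")           # refused even if the guess is right
            continue
        throttle.record(src, now, ok)
        out.append("accepted" if ok else "rejected")
    return out

# Constructed sample: 192.0.2.10 walks a credential list once per second and
# would guess correctly at t=8; 198.51.100.7 is a user who mistypes once and
# then logs in.
SAMPLE = [(t, "192.0.2.10", t == 8) for t in range(10)]
SAMPLE += [(3, "198.51.100.7", False), (20, "198.51.100.7", True)]
SAMPLE.sort(key=lambda e: e[0])

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE, replay(SAMPLE, LoginThrottle())):
        print(event, outcome)
```

The throttle is consulted before the credential check, so the correct guess at t=8 is still refused. A per-source limit slows a single scanner but does not replace removing default credentials, since a botnet can spread attempts across many sources.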
 
Sources
 
USENIX Security ’17 - Understanding the Mirai Botnet. https://www.youtube.com/watch?v=1pywzRTJDaY
Inside the infamous Mirai IoT Botnet: A Retrospective Analysis. https://blog.cloudflare.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis/
Check Point Research. (2017). IoT Goes Nuclear: Creating a ZigBee Chain Reaction. Check Point Software Technologies Ltd. Available at: https://research.checkpoint.com/iot-goes-nuclear-creating-zigbee-chain-reaction/
Paxson, V. (2017). Lessons from the Mirai botnet. Communications of the ACM, 60(7), 38-43. Available at: https://dl.acm.org/doi/abs/10.1145/3097193
Krebs, B. (2016). A peek inside the Mirai botnet. KrebsOnSecurity. Retrieved from https://krebsonsecurity.com/2016/10/a-peek-inside-the-mirai-botnet/
"Mirai Botnet: A Roadmap to Segmentation," Trend Micro, https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/mirai-botnet-a-roadmap-to-segmentation

This presentation by Maneth Balasooriya and Jacob Gottschalk covers the Mirai botnet, an IoT botnet known for launching Distributed Denial-of-Service attacks from compromised devices such as IP cameras and DVRs. It originated from a Minecraft server protection racket and has been involved in major incidents. The botnet has a replication module, which brute-forces logins to IoT devices using common and manufacturer-specified credentials, and an attack module, which launches several types of flood. Its infrastructure comprises a loader, a report server, command & control, the bot net, and the IoT and DDoS victims. Mitigation strategies involve eliminating default credentials, auto-patching, and limiting login attempts. The listed sources provide further insight and analysis on the Mirai botnet, including a roadmap to segmentation.


Uploaded on Mar 09, 2024 | 1 Views

