The Mirai botnet came under the spotlight after hackers leveraging the botnet mounted unprecedented DDoS attacks on the internet services firm Dyn. In the wake of the attacks, cybersecurity researchers have set up a Twitter account solely to monitor and post live updates on active and ongoing DDoS attacks launched by Mirai.
Dyn has since confirmed previous claims by security firms like Flashpoint of the Mirai botnet's involvement in the attacks. Dyn also confirmed that a third DDoS attack was attempted by hackers, but the firm said it was able to successfully mitigate the attack without any customer being affected.
Dyn's chief strategy officer Kyle York said in a statement: "At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations."
The Mirai Twitter account is run by researchers going by the handles @MalwareTechBlog and @2sec4u, one of whom claimed that one of the Mirai botnets was found "desperately trying to down a minecraft server".
The researcher going by the name MalwareTech also noted that various Mirai botnets have been found attacking each other in what some believe to be a peculiar cyber turf war. "Since the source code was leaked everyone is starting their own," he told Motherboard.
"Mirai is definitely growing. There's a turf war to get the most control over IoT devices," added Dale Drew, chief security officer at Level 3 Communications.
Is your smart device part of the botnet that almost broke the internet?
Following the attacks, a Chinese firm called XiongMai Technologies also confirmed that some of its products – surveillance video cameras – were enslaved by the Mirai botnet and used to conduct the attacks. "Mirai is a huge disaster for the 'Internet of Things,'" XiongMai representative Cooper Wang told CNNMoney. "[We] have to admit that our products also suffered from hackers' break-in and illegal use."
Given the poor security that most IoT devices come with, it is likely that anyone who purchased a smart device may find their device being hijacked by hackers. However, an online tool called Bullguard's IoT Scanner can help smart device owners check whether their device is still safe to use. The scanner has been designed to detect whether smart devices operating on users' home networks have been publicly exposed, potentially allowing access to hackers, Motherboard reported.
It is still unclear who the perpetrators of the attacks on Dyn are. According to security researchers at Flashpoint, the botnets used in the attacks against Dyn "were separate and distinct botnets from those used to execute the DDoS attacks against Krebs on Security and OVH". Flashpoint noted that since the source code for Mirai was released by a hacker going by the name "Anna_Senpai", "copycat hackers have used the malware to create botnets of their own in order to launch DDoS attacks".