Malware Infested My House with Zombies

Mirai

How much do you trust your router, your webcam, or your DVR? What if malware turned them into members of a hacker’s zombie army behind your back?

That was what happened in October 2016, when as many as 500,000 connected devices were taken over by the Mirai malware and unleashed on the Internet in a distributed denial-of-service (DDoS) attack. Hackers used these “zombie devices” to send millions of requests at a single target, overwhelming and blocking access to sites like Twitter, Reddit, GitHub, PayPal, Spotify—and even Netflix and Amazon. For example, experts estimate that a staggering 1.5 terabytes’ worth of requests were produced by Internet-connected devices such as baby monitoring cameras.

This wasn’t the first—or only—time the Mirai zombie army went shambling forth. The malware has been used to target game servers, universities, internet providers, post offices, journalists’ websites, and even the entire country of Liberia.

Worst of all, people who owned the infected devices were oblivious to what was going on. Do you know whether the devices in your home or office are safe?

How It Works

Certain Internet-connected devices can be accessed directly from the Internet, but may be largely unprotected. Nefarious individuals with the right tools and standard device authentication credentials—which are available to anyone who goes looking for them on manufacturers’ websites—can log into these devices and install malware, such as Mirai. It was reported that just 61 different passwords were needed to gain access to the estimated half a million devices that were affected.

Once the malware’s in place, the device becomes part of the hacker’s zombie army, or “botnet.” The malware can be remotely executed to launch attacks on whomever the hacker pleases.

Mirai exploits a vulnerability that has been around for 12 years to do its dirty work. Most of the devices it targets are difficult, if not impossible, to patch, making it hard to shut the door on the malware. When was the last time you patched your printer?

And think about how many devices in your home are Internet-connected: your fridge, your lights, your alarm system, your thermostat? These are devices that should be defended.

How to Keep Devices Safe

Getting rid of Mirai is a pain. Even if the malware is flushed out of the devices, any hacker can come along with their master list of access codes and re-install it if other precautions are not taken.

Mirai gets into devices in the first place by exploiting their always-on Telnet access. The most vulnerable devices come out of the box listening for incoming Telnet connections on certain ports. This lets users remotely access that device to log in and make changes. While this can be handy for logging into a WiFi router and adjusting settings from the bathroom, it may also put devices at risk for attack by hackers on the other side of the globe. If they can find out the device exists (which is easy with tools like the openly available Shodan Internet of Things search engine), they can usually get access.

Defending devices against all this may sound difficult, but in reality it isn’t as complex as it seems. Following a few key security tips will help keep all kinds of malware, including Mirai, at bay.

Some Recommendations to Safeguard Your Devices

  • Change the access passwords for devices from defaults to something stronger. Use mixed letters in both upper and lower case, numbers, and symbols for maximum security.
  • Set up a firewall that only allows devices to talk to specific, approved servers. Even if a hacker is able to infect a device, a firewall keeps the hackers from enslaving the device by blocking the outbound traffic typical of a botnet attack.
  • Put protective measures in place in a WiFi router’s settings to filter out nefarious traffic on WiFi and defend the devices that are connected to it.
  • Buy products that keep their Telnet ports closed—or close them directly. If remote control of devices is needed, such as from a mobile phone, use a virtual private network (VPN).
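
To check whether any of your own devices still listen for Telnet, as described above, the following is an added example and not part of the original article. It assumes TCP ports 23 and 2323 (the article only says "certain ports"), and the addresses in the sample run are constructed placeholders for devices on your own network.

```python
import ipaddress
import socket

# Assumption: 23 is the standard Telnet port and 2323 a common alternate;
# the article itself does not name the ports.
TELNET_PORTS = (23, 2323)


def telnet_exposed(host, port, timeout=1.0):
    """Return True if host accepts a TCP connection on port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or unreachable
        return False


def audit(hosts, ports=TELNET_PORTS, timeout=1.0):
    """Map each LAN address to the Telnet ports it accepts connections on."""
    report = {}
    for host in hosts:
        # Only private (home/office LAN) addresses are audited.
        if not ipaddress.ip_address(host).is_private:
            raise ValueError(f"{host} is not a private address on your own network")
        report[host] = [p for p in ports if telnet_exposed(host, p, timeout)]
    return report


def format_report(report):
    """Turn the audit result into one readable line per device."""
    lines = []
    for host, open_ports in sorted(report.items()):
        if open_ports:
            lines.append(f"{host}: Telnet reachable on {open_ports}; "
                         "close it and change the default password")
        else:
            lines.append(f"{host}: no Telnet listener found")
    return lines


if __name__ == "__main__":
    # Constructed sample addresses: replace with your router, camera, DVR.
    for line in format_report(audit(["192.168.1.1", "192.168.1.20"])):
        print(line)
```

A device that shows up as reachable here is only visible from inside your network; whether it is also exposed to the Internet depends on the router's port forwarding and firewall settings.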

Don’t Sleep on Malware

When it comes down to it, botnets are old hat. They’ve been in use for years, although the exact brand of malware behind them is constantly changing. Even if precautions are taken to protect devices against Mirai, it’s almost a certainty that another flavor of malware under a different name will be recruiting devices for its zombie army sooner rather than later. The best way to protect against another Mirai-like hack attack is to stay proactive and keep on top of the newest happenings in security.