New Mirai-Inspired Botnet Shows the Potential for Large-Scale DDoS Assaults


Not too many businesses complain about having too much interest. A business in which there are endless requests being made by potential customers is, by and large, a successful business. It certainly beats being too quiet.

This is true. But there’s a big exception to the rule — and it forms the basis of a cyberattack referred to as a Distributed Denial of Service (DDoS) attack. In a DDoS attack, bad actors send massive amounts of fraudulent data or requests with the express goal of overloading the service in question.

In essence, it tries to drown targets under massive amounts of fake traffic which gobble up internet bandwidth, RAM and CPU capacity. The results can range from services that are, much to the frustration of customers, significantly slowed down or disrupted to websites entirely knocked offline. Those without the proper DDoS protection tools can be in serious trouble.

DDoS attacks have hit some of the biggest names around, including Amazon, the BBC, code repository GitHub, major banking giants including the Bank of America, Citigroup, JP Morgan Chase, US Bancorp, and more.

Making DDoS attacks even more dangerous

Cyber attackers are constantly on the lookout for ways to make these attacks more devastating to potential targets, whether that be making attacks bigger (Google has reported being hit with a DDoS attack that peaked at 2.5Tbps) or longer (the attacks continued over a six-month period). Much of this involves finding amplification methods for boosting the severity of an attack.

Many DDoS attacks employ what is known as a botnet. A botnet is a massive collection of devices, connected to the internet, that have been infected using malware so as to allow them to be remote controlled by hackers — usually without the owners of the devices being aware that this is being done.

The techniques used to assemble these botnets are underhanded, and involve preying on vulnerabilities in the devices of would-be botnet participants, much the same way that DDoS attacks exploit weaknesses within systems and websites to bring the services down.

In February 2021, it was reported that a new botnet, which recycles the Mirai malware framework, is targeting Android devices to launch new DDoS attacks. Mirai refers to an infamous botnet that was utilized in a devastating DDoS attack against the DNS provider Dyn back in 2016. Mirai primarily took over Internet of Things-connected devices, such as home routers, smart security cameras, baby monitors, and more.

A new botnet threat is on the scene

While many users are not even necessarily aware that such connected gadgets could be commandeered in such a way, the success of the Mirai botnet demonstrated how much harm these IoT devices can cause when exploited. The attack temporarily knocked offline a number of popular online services, including Netflix. That year, the author of Mirai published its source code online. That made it possible for copycats to create and launch Mirai variants.

This new 2021-era, Mirai-inspired botnet is called Matryosh, named after the Matryoshka Russian nesting dolls. It is spread through the Android Debug Bridge (ADB) interface, and allows infected devices to be commandeered as digital Manchurian candidates — thereby enabling them to be leveraged in potential large-scale DDoS assaults. Matryosh is just one of multiple new strains of botnet to debut in recent years, with others including the likes of the DDG botnet, Dark_Nexus, MootBot, Kaiji, and others.

In recent years, the prevalence of botnets has increased as a result of “DDoS for hire” services. These services, the nefarious mirror of more legitimate subscription services, allow users to rent botnets without having to worry about assembling one themselves. DDoS for hire services are sometimes called stressers or booters, and can be legitimate when they are used for stress-testing a system owned by the person or business launching the stresser or booter.

However, they are also used to launch DDoS attacks on targets for just a few dollars per time, significantly lowering the technical expertise needed to launch such an attack. As people during the pandemic have relied on online infrastructure more than ever, DDoS attacks have ramped up like never before.

Defending against the DDoS attackers

But there are ways to strike back against DDoS attacks, and protect yourself against the threat they pose. That’s especially crucial at a time when large-scale botnets — which Matryosh has the potential to become — are growing more prevalent.

The latest cybersecurity anti-DDoS tools work by analyzing incoming traffic and filtering out any suspicious traffic that looks like it has the potential to be harmful, while still allowing legitimate traffic to reach its destination. Other tools available can additionally help absorb potentially enormous DDoS attacks without risking websites or systems being brought to a standstill — or worse.

There are few cyberattacks more potentially damaging to a company than a DDoS attack. As they become larger and more commonplace, this threat is only going to increase further. Making sure you deploy the right defensive tools to protect yourself against them is not only smart thinking — it’s the only approach a smart business should take here in 2021.