In September, cybersecurity journalist Brian Krebs was targeted by a massive DDoS attack that took his website offline. Now, Krebs is reporting that the source code that powered the attack has been publicly distributed on the internet.
Mirai is a piece of malware that preys on Internet of Things devices, specifically those still protected only by factory default settings or hard-coded authentication credentials. It continually scans for targets, infecting those that are vulnerable and turning them into bots that can be used to facilitate a DDoS attack.
The Mirai source code was released via a malware message board known as Hackforums, according to a report from Krebs on Security. The user responsible for the post states a desire to move on from staging attacks on IoT hardware, but Krebs believes that the real motivation behind this release is less altruistic.
The high-profile nature of the attack on Krebs’ site has likely prompted a new wave of investigations into Mirai and its authors. Krebs argues that the culprit is likely to be circulating the source code to make it more difficult for law enforcement to trace this particular strain of malware back to its origin.
The good news is that IoT devices infected by Mirai can be recovered via a simple reboot. The bad news is that scanning for new targets is thought to be so prevalent that the hardware could be infected once again in a matter of minutes. As such, the advice is to change the default password, putting the device outside of Mirai’s reach.
Referencing a Gartner forecast that 6.4 billion IoT devices will be in use worldwide this year, Krebs warns of a “dawning IoT nightmare” if security standards aren’t tightened. Given the amount of hardware out in the wild, and the fact that Mirai is now freely available, it’s easy to see where his concerns are coming from.