More on Mirai, and more than Mirai
▻http://www.securityweek.com/mirai-iot-botnet-not-only-contributor-massive-ddos-attack-akamai
Akamai says Mirai was not alone:
While Akamai confirmed that the Mirai botnet was part of the attack, the company also said that Mirai was only “a major participant in the attack” and that at least one other botnet might have been involved, though they couldn’t confirm that the attacks were coordinated.
Akamai refers to Mirai as Kaiten and has it documented here:
▻https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/kaiten-std-router-ddos-malware-threat-advisory.pdf
More on the released source code of Mirai, which confirms the use of GRE flooding, one of the techniques used on top of DNS Water Torture:
▻http://www.securityweek.com/hacker-releases-source-code-iot-malware-mirai
A copy of the source code files provided to SecurityWeek includes a “read” where the author of Mirai explains his reasons for leaking the code and provides detailed instructions on how to set up a botnet.
[...]
Mirai, believed to have made rounds since May 2016, infects IoT devices protected by weak or default credentials. Once it hijacks a device, the threat abuses it to launch various types of DDoS attacks, including less common UDP floods via Generic Routing Encapsulation (GRE) traffic.
This was proven through reverse-engineering by
▻http://cyberx-labs.com/en/blog/cyberx-reveals-gre-evidence-krebs-iot-based-attack-largest-ddos-interne
GRE is still an uncommon attack vector, but it was already used during the 2016 Rio games:
▻http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/how-a-massive-540-gbsec-ddos-attack-failed-to-spoil-the-rio-olympics
For some French, see also here:
▻https://seenthis.net/messages/530903
#Mirai #Kaiten
#Akamai
#DDoS
#Brian_Krebs
#OVH
#GRE
#DNS_Water_Torture