Understanding the Mirai Botnet
Presented by John Johnson
Why this paper?
• Not a theoretical paper
• Demonstrates real-world consequences
• Billions more IoT devices are expected to come online
The Dark Arts are many, varied, ever-changing, and eternal.
Fighting them is like fighting a many-headed monster, which,
each time a neck is severed, sprouts a head even fiercer and
cleverer than before. You are fighting that which is unfixed,
mutating, indestructible.
- Severus Snape
How do botnets propagate?
• Scan for targets
• Leverage known exploits or weak credentials (Mirai: telnet logins with factory-default passwords)
• Install the bot software
• Rinse and repeat
Fighting back
• We must identify these devices and shut them down
• But there are so many devices
• And we have limited resources
• And users are clueless
Network Telescope
• Watch unused address space, where no legitimate traffic should arrive, for scanning traffic
• Use fingerprinting to selectively identify Mirai probes among everything else that hits it
• 116 billion probes
• 55 million probing IP addresses
Identifying infections
• Detect a Mirai-style vulnerability scan coming from the infected device
• Banner-grab the scanning device's still-open services to identify its make and model
• Only tag a device if the banner grab lands within 20 minutes of its scan (consumer IP addresses churn)
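As an added example (not part of the deck, and not the paper's own tooling), here is the telescope-side logic the last two slides describe, in Python. It assumes the fingerprint the underlying paper reports, namely that Mirai's scanner sets each SYN's TCP sequence number to the destination IPv4 address, which the slides do not spell out; the probe and banner records, the `DEVICE_SIGNATURES` table and all addresses are constructed for the example.

```python
"""Fingerprinting Mirai-style scanning in a network-telescope feed, then
attributing each scanner to a device type from a banner grab taken within
20 minutes of the scan. Added example; all records below are constructed."""
import ipaddress
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}                  # ports Mirai's scanner probes
ATTRIBUTION_WINDOW = timedelta(minutes=20)

# Constructed banner-to-device-type rules (real work would use a vendor DB).
DEVICE_SIGNATURES = [("dvr", "dvr"), ("ipcam", "camera"), ("router", "router")]


def seq_for(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))


def is_mirai_probe(dst_ip: str, dport: int, tcp_seq: int) -> bool:
    """Mirai's scanner sets the TCP sequence number to the destination IPv4
    address (fingerprint from the paper and the leaked scanner source), so a
    telnet SYN whose seq equals int(dst) is almost certainly Mirai."""
    return dport in TELNET_PORTS and tcp_seq == seq_for(dst_ip)


def find_scanners(probes):
    """probes: (timestamp, src, dst, dport, tcp_seq) tuples from the telescope.
    Returns {src: [timestamps of matching probes]}."""
    hits = {}
    for ts, src, dst, dport, seq in probes:
        if is_mirai_probe(dst, dport, seq):
            hits.setdefault(src, []).append(ts)
    return hits


def classify(banner: str) -> str:
    text = banner.lower()
    for needle, label in DEVICE_SIGNATURES:
        if needle in text:
            return label
    return "unknown"


def attribute(scanners, banners):
    """banners: (timestamp, host, port, banner_text) from our own follow-up
    scan of the scanning hosts. A host is tagged only if the banner was
    grabbed within ATTRIBUTION_WINDOW of one of its probes, because consumer
    IPs churn and a stale banner may describe a different device."""
    tagged = {}
    for ts, host, port, banner in banners:
        if any(abs(ts - probe_ts) <= ATTRIBUTION_WINDOW
               for probe_ts in scanners.get(host, [])):
            tagged[host] = classify(banner)
    return tagged


# Constructed sample feed: two Mirai scanners, one other scanner, one false lead.
T0 = datetime(2016, 10, 1, 12, 0, 0)
SAMPLE_PROBES = [
    (T0, "203.0.113.7", "192.0.2.10", 23, seq_for("192.0.2.10")),                     # Mirai
    (T0 + timedelta(minutes=1), "203.0.113.7", "192.0.2.11", 2323, seq_for("192.0.2.11")),
    (T0, "203.0.113.8", "192.0.2.12", 23, seq_for("192.0.2.12")),                     # Mirai
    (T0, "198.51.100.5", "192.0.2.13", 23, 0x1A2B3C4D),                               # random seq
    (T0, "198.51.100.9", "192.0.2.14", 80, seq_for("192.0.2.14")),                    # wrong port
]
SAMPLE_BANNERS = [
    (T0 + timedelta(minutes=5), "203.0.113.7", 8080, "HTTP/1.0 200 OK\r\nServer: DVR-HTTPD/1.0"),
    (T0 + timedelta(hours=2), "203.0.113.8", 8080, "HTTP/1.0 200 OK\r\nServer: IPCAM"),  # too late
    (T0 + timedelta(minutes=5), "198.51.100.5", 22, "SSH-2.0-OpenSSH_7.2"),
]


def run_sample():
    scanners = find_scanners(SAMPLE_PROBES)
    return scanners, attribute(scanners, SAMPLE_BANNERS)


if __name__ == "__main__":
    scanners, tagged = run_sample()
    print("scanners:", sorted(scanners))
    print("tagged:", tagged)
```

The sequence-number check is what separates Mirai from the background noise of a telescope: a generic scanner hitting port 23 with a random sequence number (198.51.100.5) is ignored, as is a coincidental match on a port Mirai never scans. The 20-minute window drops 203.0.113.8, whose banner was grabbed two hours later and may belong to whoever holds that address now.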
Honeypots
• Invaluable for analyzing malware infections
• Captured samples can be reverse engineered to gauge attacker sophistication and behavior
• Let you dissect the infection process step by step
Got Milk?
• Milkers are similar to honeypots: they pose as a bot and talk to the C2 server
• Record what commands the C2 server sends
• Identify additional C2 servers
• 15,194 attacks identified
Mirai protected itself better than the IoT devices it infected
• Mirai kills the common services it doesn't need (telnet, SSH, HTTP) on the infected device
• So fingerprinting can't be done by the usual banner grabbing
• Lesser-known services are left alone and can still be banner-grabbed
Your tired, your poor, your low bandwidth
• DVRs, routers and IP cameras are all fair game
• Atypically composed of devices outside the US
• More like shambling zombies than a pack of cheetahs (per-device bandwidth limits matter)
Not your average botnet
• The botnet's owners didn't care about persistence: the bot lives only in memory
• This is highly unusual, but leaving nothing on disk makes the infection much harder to detect
• A rebooted device is clean only until it is simply re-infected later
Evolution
• Why log in when you can steal a device's soul? (RCE variants)
• It is easy to bolt on new infection methods
• We will continue to see Mirai variants for some time
But wait! There's more!
• Abuse DNS and residual trust
• Make reversing harder with complex packers
• Add support infrastructure such as command relays
Attackers suffer from the same pains as regular IoT users
• Slow initial growth due to the limited capabilities of infected devices
• Infrastructure is required to manage half a million devices
• Roughly 1,000 devices per C2 server
Scalin’ on Up
Notable achievements
• Reportedly knocked Liberia off the internet for a period of time
• Forced Akamai to drop its free protection of Brian Krebs's site (Google's Project Shield picked it up)
• Harassed DDoS mitigation companies
• Knocked Minecraft servers and other gaming services offline
Script kiddies do not an Advanced Persistent Threat make
• Mostly childish attacks on people the attackers disliked
• Minimal if any lasting damage
• We were very lucky no important services were targeted
• We could have done better to protect against Mirai
Not the sharpest tools in the shed
When I first got into the DDoS industry, I wasn't planning on staying in it long. I made my money, there's lots of eyes looking at IOT now, so it's time to GTFO. However, I know every skid and their mama, it's their wet dream to have something besides qbot.
So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Krebs DDoS, ISPs have been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.
- One of the Mirai authors
It will probably get worse
• Attacks get more sophisticated
• New attacks come out of nowhere (ransomware)
• Mirai was only 600k devices (imagine a billion)
• We don't know how new attacks will leverage IoT
Heterogeneity makes for a juicy attack surface
• Easy to target IoT vendors that skimp on security
• Startup vendors have fewer resources and less experience to orchestrate patching
• Spending time to develop an exploit for a single device model can net you thousands of infected hosts
• It also makes it harder to compromise the entire market at once
How do we fix this?
• Basic hardening (ASLR, privilege separation, etc.)
• Teach users about patching, and make it easier
• Find a way to reliably take unsupported devices offline
• Identification? What about privacy?
[xkcd comic, xkcd.com]
It could get better
• Vendors are slowly replacing hardcoded passwords with per-device generated ones
• Our society is coming to terms with managing vulnerable devices in a digital age
• We can educate consumers about how to care for their devices better
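The "How do we fix this?" and "It could get better" slides both come down to the credential that Mirai's telnet brute force depends on. As an added example, not code from the deck or from any vendor, here is the hardcoded pattern next to the per-device generated one, in Python. The two firmware classes are hypothetical; the dictionary is a small subset of the well-known username/password list from the leaked Mirai scanner.

```python
"""Hardcoded factory credentials (what Mirai's telnet dictionary attack
relies on) next to per-device generated credentials. Added example; the
firmware classes are hypothetical, the dictionary entries are a small
subset of the leaked Mirai scanner's list."""
import hashlib
import hmac
import secrets

MIRAI_DICTIONARY = [
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "default"), ("support", "support"), ("root", "root"),
]


class HardcodedFirmware:
    """'Before': every unit ships with the same root password burned in."""

    def authenticate(self, user: str, password: str) -> bool:
        return user == "root" and password == "xc3511"


class ProvisionedFirmware:
    """'After': a random per-device password is generated at manufacturing and
    printed on the label; only a salted scrypt hash is stored, the first login
    must change it, and repeated failures lock the login service."""
    MAX_FAILURES = 5
    _DUMMY = (bytes(16), bytes(32))   # keeps timing similar for unknown users

    def __init__(self):
        self._users = {}              # user -> [salt, digest, must_change]
        self.failures = 0
        self.locked = False

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        return hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)

    def provision(self, user: str = "admin") -> str:
        password = secrets.token_urlsafe(12)   # ~96 bits of entropy, unique per unit
        salt = secrets.token_bytes(16)
        self._users[user] = [salt, self._digest(password, salt), True]
        return password

    def authenticate(self, user: str, password: str) -> bool:
        if self.locked:
            return False
        salt, digest, _ = self._users.get(user, [*self._DUMMY, False])
        if user in self._users and hmac.compare_digest(self._digest(password, salt), digest):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.MAX_FAILURES:
            self.locked = True
        return False

    def must_change(self, user: str) -> bool:
        return self._users[user][2]

    def change_password(self, user: str, old: str, new: str) -> bool:
        if len(new) < 12 or not self.authenticate(user, old):
            return False
        salt = secrets.token_bytes(16)
        self._users[user] = [salt, self._digest(new, salt), False]
        return True


def dictionary_attack(firmware):
    """What the Mirai scanner does after a telnet connect: walk the dictionary
    until a pair works. Returns the working pair, or None."""
    for user, password in MIRAI_DICTIONARY:
        if firmware.authenticate(user, password):
            return (user, password)
        if getattr(firmware, "locked", False):
            break
    return None


if __name__ == "__main__":
    print("hardcoded firmware falls to:", dictionary_attack(HardcodedFirmware()))
    fw = ProvisionedFirmware()
    label_password = fw.provision()
    print("provisioned firmware falls to:", dictionary_attack(fw), "locked:", fw.locked)
```

The point is not the hash function but the threat model: a shared factory password means one dictionary entry unlocks an entire product line, while a label password that is unique per unit and changed on first login leaves the scanner nothing to guess, and the lockout cuts the attempt count well below the dictionary's size. Hardening the binary (ASLR, dropping root) still matters for the RCE variants, but it does nothing against a valid login.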
The Internet of Garbage
Questions?
