mirai botnet how iot botnets performed massive ddos
play

Mirai Botnet: How IoT Botnets Performed Massive DDoS Attacks and - PowerPoint PPT Presentation

Apr 15, 2023 •822 likes •1.36k views

Mirai Botnet: How IoT Botnets Performed Massive DDoS Attacks and Negatively Impacted Hundreds of Thousands of Internet Businesses and Millions of Users in October 2016 William Favre Slater, III, M.S. MBA, PMP, CISSP, CISA Sr. Cybersecurity

  1. Mirai Botnet: How IoT Botnets Performed Massive DDoS Attacks and Negatively Impacted Hundreds of Thousands of Internet Businesses and Millions of Users in October 2016 William Favre Slater, III, M.S. MBA, PMP, CISSP, CISA Sr. Cybersecurity Consultant and Adjunct Professor, IIT School of Applied Technology April 20, 2017 1 Mirai Botnet - William Favre Slater, III

  2. Agenda Introduction • WHY Is This important? • Internet of Things – Size and Typical Devices • What is a Botnet? • DDoS Attacks • Little Known Roots of the Mirai Botnet • Pre-Attack Events • What Did the Mirai Botnet Do in • October 2016? How Did Mirai Work? • Post-Attack Events • How Can an Organization Protect Against Mirai and other Botnet Attacks? • Hajime! Some Recent “Good News” • Conclusion • Questions • References • Bio • April 20, 2017 2 Mirai Botnet - William Favre Slater, III

  3. Introduction Mirai is the Japanese word for “The Future” • The Mirai Botnet Attack of October 2016 used known security weaknesses in • tens of millions of Internet of Things (IoT) Devices to launch massive Distributed Denial of Services Attacks against DYN, which is a major DNS Service provider. The result was a notable performance degrades in tens of thousands of businesses who rely heavily on the Internet, and millions of users who used these services. A short time before the attack, the Mirai Botnet code was shared on the Internet as it was placed into Open Source. With the exponential rise of the population of IoT devices, what does the Mirai Botnet attack mean for the future of Internet Security? This presentation will examine the implications of the Mirai Botnet code and • the explosion of IoT. April 20, 2017 3 Mirai Botnet - William Favre Slater, III

  4. WHY Is this Presentation Important?? • The Internet has been business critical since 1997 • The Internet, the World Wide Web, web applications, data, and resources they represent are often considered by many to be critical infrastructure • Outages (any) can cost money , lost customers , and even brand damage • Everyone who uses the Internet in a business capacity should be aware of the DDoS Threat that the Mirai Botnet and similar programs represent • The Internet of Things that plays a major role in this saga, continues to grow exponentially in popularity and in capability April 20, 2017 4 Mirai Botnet - William Favre Slater, III

  5. April 20, 2017 Mirai Botnet - William Favre Slater, III 5

  6. How Big is the “Internet of Things”? April 20, 2017 6 Mirai Botnet - William Favre Slater, III

  7. Typical IoT Devices CCTV cameras • DVRs • Digital TVs • Home routers • Printers • Alexa • Security systems • Garage doors • Industrial systems • Medical systems • Home appliances • Smart Utility Meters • Cars • Other stuff • April 20, 2017 7 Mirai Botnet - William Favre Slater, III

  8. Often “Internet of Things” Devices and Typically Cell Phones are Accessing the Internet Via IPv6 April 20, 2017 8 Mirai Botnet - William Favre Slater, III

  9. Comparing IPv4 and IPv6 April 20, 2017 9 Mirai Botnet - William Favre Slater, III

  10. What is a Botnet? Stachledraht DDoS Attack A botnet is a number of Internet- • connected devices used by a botnet owner to perform various tasks. Botnets can be used to perform Distributed Denial Of Service Attack, steal data, send spam, allow the attacker access to the device and its connection. The owner can control the botnet using command and control (C&C) software. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation. Botnets have been around since 2004. • Attacker machines are usually running • the Linux operating system . Sources: Wikipedia https://en.wikipedia.org/wiki/Botnet Cheng, G. (2005) . http://www.giac.org/paper/gcih/229/analysis-ddos-tool-stacheldraht-v1666/102150 April 20, 2017 10 Mirai Botnet - William Favre Slater, III

  11. Sources: Wikipedia https://en.wikipedia.org/wiki/Botnet April 20, 2017 11 Mirai Botnet - William Favre Slater, III

  12. DDoS Attacks DDoS Attacks DoS Attack Source: AWS Best Practices for DDoS Resiliency https://d0.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf April 20, 2017 12 Mirai Botnet - William Favre Slater, III

  13. Types of DDoS Attacks HTTP Floods The Mirai Botnet infected and • harnessed millions of IoT Devices to DNS Query Floods • attack 17 DYN DNS Provider Data SSL Abuse • Centers and impair their ability to resolve DNS requests. TCP SYN Floods • TCP ACK Floods • Mirai is designed and was TCP NULL Floods • implemented to employ SEVERAL of these DDoS attack methods. Stream Flood • UDP Flood • UDP Reflection • Smurf Attack • ICMP PING Floods • GRE IP Floods • GRE ETH Floods • Sources: AWS Best Practices for DDoS Resiliency https://d0.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf Cheng, G. (2005). http://www.giac.org/paper/gcih/229/analysis-ddos-tool-stacheldraht- v1666/102150 Herzberg, B., Bekerman, D., and Zeifman, I https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html. April 20, 2017 13 Mirai Botnet - William Favre Slater, III

  14. Types of DDoS Attacks Source: AWS Best Practices for DDoS Resiliency https://d0.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf April 20, 2017 14 Mirai Botnet - William Favre Slater, III

  15. DDoS Attack Costs Money, Time and Risk Brand Damage Source: Kaspersky April 20, 2017 15 Mirai Botnet - William Favre Slater, III

  16. Little-Known Roots of the Mirai Botnet The 2012 Carna Botnet Census exploited over public-facing 420,000 IPv4 devices that • had no passwords or weak passwords Of the 4.3 billion possible IPv4 addresses, Carna Botnet found a total of 1.3 billion • addresses in use, including 141 million that were behind a firewall and 729 million that returned reverse domain name system records. The remaining 2.3 billion IPv4 addresses are probably not used. [Wikipedia] The website at http://internetcensus2012.github.io/InternetCensus2012/paper.html • shows the paper written which describes the methods used and data collected The author admitted in his paper that he enjoyed the “feeling of power” being able to • simultaneously control over 400,000 devices from a single desktop. Over 4 TB of device data and IP addresses were collected • This data remains a standard for “check up” to ensure that administrators have no public • facing insecure devices The author, who remains a secret, could face prosecution in every country that has • applicable network intrusion laws April 20, 2017 16 Mirai Botnet - William Favre Slater, III

  17. Source: Carna Botnet Census of 2012 http://census2012.sourceforge.net/paper.html April 20, 2017 17 Mirai Botnet - William Favre Slater, III

  18. Little Known Roots of the Mirai Botnet Source: https://web.archive.org/web/20130324015330/htt p://gawker.com:80/5991667/this-illegally-made- incredibly-mesmerizing-animated-gif-is-what-the- internet-looks-like April 20, 2017 18 Mirai Botnet - William Favre Slater, III

  19. Pre-Attack Events • August 2016 - Bruce Schneier predicts, based on his research and observations that a DDoS attack or series of attacks would take down the Internet • September 2016 - Brian Krebs’ website and his Provider were hit with DDoS attacks at about 665 Gbs • October 2016 - Mirai Source Code placed in Open Source April 20, 2017 19 Mirai Botnet - William Favre Slater, III

  20. DDoS Attack Prediction in September 2016 by Bruce Schneier Someone Is Learning How to Take Down the Internet - by Bruce Schneier, Excerpt: • “What can we do about this? Nothing, really. We don't know where the attacks come from. The data I see suggests China, an assessment shared by the people I spoke with. On the other hand, it's possible to disguise the country of origin for these sorts of attacks. The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the US decides to make an international incident over this, we won't see any attribution. But this is happening. And people should know.” https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html – Note: When Dr. Bruce Schneier says something, I believe it. He is one of the greatest Cybersecurity Researchers and Writers in the World. Bruce Schneier April 20, 2017 20 Mirai Botnet - William Favre Slater, III

  21. The Security Economics of Sources: https://www.schneier.com/blog/archives/2016/10/security_econom_1.html } Internet of Things (IoT) Excellent Commentary about IoT, Economics, And Security by Internationally known Security writer and Researcher, Dr. Bruce Schneier Bruce Schneier April 20, 2017 21 Mirai Botnet - William Favre Slater, III

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Next-Gen Mirai Balthasar Martin <balthasar@srlabs.de> Fabian Brunlein

Next-Gen Mirai Balthasar Martin <balthasar@srlabs.de> Fabian Brunlein

Next-Gen Mirai Balthasar Martin <balthasar@srlabs.de> Fabian Brunlein <fabian@srlabs.de> SRLabs Template v12 Mirai and IoT Reaper botnets exploited open Telnet and other known vulnerabilities Mirai botnet Reaper botnet Known

306 views • 26 slides
Botnets Leonidas Stylianou CS 682 23/04/2020 Lifecycle of a bot Infected host Botnet malware

Botnets Leonidas Stylianou CS 682 23/04/2020 Lifecycle of a bot Infected host Botnet malware

Botnets Leonidas Stylianou CS 682 23/04/2020 Lifecycle of a bot Infected host Botnet malware Botmaster controls becomes a bot and infects a host. the botnet. joins the botnet . Coordination of f bots with C&C server Bots query the

1k views • 58 slides
Understanding the Mirai Botnet Manos Antonakakis , Tim April , Michael Bailey ,

Understanding the Mirai Botnet Manos Antonakakis , Tim April , Michael Bailey ,

Understanding the Mirai Botnet Manos Antonakakis , Tim April , Michael Bailey , Matthew Bernhard , Elie Bursztein Jaime Cochran , Zakir Durumeric , J. Alex Halderman , Luca Invernizzi Michalis Kallitsis ,

709 views • 35 slides
Understanding the Mirai Botnet Manos Antonakakis , Tim April , Michael Bailey ,

Understanding the Mirai Botnet Manos Antonakakis , Tim April , Michael Bailey ,

Understanding the Mirai Botnet Manos Antonakakis , Tim April , Michael Bailey , Matthew Bernhard , Elie Bursztein Jaime Cochran , Michalis Kallitsis , Damian Menscher , Zakir Durumeric Deepak Kumar , Chad

628 views • 34 slides
A Framework for Understanding Botnets Justin Leonard, Shouhuai Xu, Ravi Sandhu University of T

A Framework for Understanding Botnets Justin Leonard, Shouhuai Xu, Ravi Sandhu University of T

A Framework for Understanding Botnets Justin Leonard, Shouhuai Xu, Ravi Sandhu University of T exas at San Antonio Overview Botnet Lifecycle Botnet Architecture Command and Control Mechanisms (C&C) Dynamic Graph Model Botnet

195 views • 18 slides
Linux IoT Botnet Wars and the Lack of Security Hardening Drew Moseley Solutions Architect

Linux IoT Botnet Wars and the Lack of Security Hardening Drew Moseley Solutions Architect

Linux IoT Botnet Wars and the Lack of Security Hardening Drew Moseley Solutions Architect Mender.io Session overview Case-studies of 3 botnets Mirai (August 2016) Hajime (October 2016) BrickerBot (March 2017) Common security

902 views • 28 slides
Mirai and IoT Botnet Analysis Robert Graham http://blog.erratasec.com @ErrataRob #RSAC What

Mirai and IoT Botnet Analysis Robert Graham http://blog.erratasec.com @ErrataRob #RSAC What

#RSAC SESSION ID: SESSION ID: HTA-W10 Mirai and IoT Botnet Analysis Robert Graham http://blog.erratasec.com @ErrataRob #RSAC What this talk will cover? Brief overview of Mirai The cameras themselves Step by step from infection to attacks

962 views • 63 slides
MetaNet A botnet with Metasploit integration By : Matan Ramrazker, Guy Gelber What is a Botnet

MetaNet A botnet with Metasploit integration By : Matan Ramrazker, Guy Gelber What is a Botnet

MetaNet A botnet with Metasploit integration By : Matan Ramrazker, Guy Gelber What is a Botnet A Botnet is a software that is designed to perform simple automated and usually cyclical operations. Botnet management is performed remotely

507 views • 24 slides
Detecting Botnets with NetFlow V. Krmek, T. Plesnk {vojtec|plesnik}@ics.muni.cz FloCon

Detecting Botnets with NetFlow V. Krmek, T. Plesnk {vojtec|plesnik}@ics.muni.cz FloCon

Detecting Botnets with NetFlow V. Krmek, T. Plesnk {vojtec|plesnik}@ics.muni.cz FloCon 2011, January 12, Salt Lake City, Utah Presentation Outline NetFlow Monitoring at MU Chuck Norris Botnet in a Nutshell Botnet Detection Methods

906 views • 63 slides
Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic

Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic

Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic Giroire Nina Taft Eve Schooler Mascotte project I3S (CNRS, Univ. of Nice) Intel Labs INRIA Sophia Antipolis Botnets: Why care? Botnet

888 views • 46 slides
Look Into The Future - Analyzing Mirai botnet - Mauritius 2016 FIRST TC Minoru Kobayashi

Look Into The Future - Analyzing Mirai botnet - Mauritius 2016 FIRST TC Minoru Kobayashi

Look Into The Future - Analyzing Mirai botnet - Mauritius 2016 FIRST TC Minoru Kobayashi Internet Initiative Japan Inc. Who am I ? Minoru Kobayashi I work for Internet Initiative Japan Inc.. IIJ is a Japanese ISP (We are the

418 views • 19 slides
DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks DDoS Prevention Improving Performance Questions Glossary DDoS - Attempt to make a server or network resource unavailable to Internet

549 views • 30 slides
Bypassing ISP and Enterprise Anti- DDoS with 90s technology Dennis Rand

Bypassing ISP and Enterprise Anti- DDoS with 90s technology Dennis Rand

So you think IoT DDoS botnets are dangerous Bypassing ISP and Enterprise Anti- DDoS with 90s technology Dennis Rand https://www.ecrimelabs.com @DennisRand About me Im a security researcher and founder of eCrimeLabs, based out of Denmark.

674 views • 48 slides
Botnets Some slides taken from David Choffnes, Northeastern

Botnets Some slides taken from David Choffnes, Northeastern

Botnets Some slides taken from David Choffnes, Northeastern https://www.justice.gov/usao-cdca/pr/justice-department- announces-court-authorized-efforts-map-and-disrupt-botnet- used-north

707 views • 32 slides
Runtime Security Lab Michael Schwarz Friday 31 st August, 2018 Graz Security Week 2018

Runtime Security Lab Michael Schwarz Friday 31 st August, 2018 Graz Security Week 2018

Runtime Security Lab Michael Schwarz Friday 31 st August, 2018 Graz Security Week 2018 https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html www.tugraz.at Large IoT Incidents September 21, 2016 > 600 Gbps on Brian Krebs

1.19k views • 71 slides
IoDDoS The Internet of Distributed Denial of Service Attacks A Case Study of the Mirai

IoDDoS The Internet of Distributed Denial of Service Attacks A Case Study of the Mirai

SPAWAR S YSTEMS C ENTER P ACIFIC IoDDoS The Internet of Distributed Denial of Service Attacks A Case Study of the Mirai Malware and IoT-Based Botnets 24-26 April, 2017 Presented at the 2 nd International Conference Presented by Roger

654 views • 20 slides
UX/UI/WEB PORTFOLIO CAROLINA PINILLA DESIGNER Main Tools: Sketch / Adobe Xd Zeplin / Marvel

UX/UI/WEB PORTFOLIO CAROLINA PINILLA DESIGNER Main Tools: Sketch / Adobe Xd Zeplin / Marvel

UX/UI/WEB PORTFOLIO CAROLINA PINILLA DESIGNER Main Tools: Sketch / Adobe Xd Zeplin / Marvel Photoshop / Illustrator After Effects / Atomic design Responsive design Kanban / Scrum UX DESIGN Able to understand business goals and

252 views • 24 slides
STATIS ISTA A ME MEDI DIAK AKIT IT WEBSITE & NEWSLETTER Statista The Statistics Portal

STATIS ISTA A ME MEDI DIAK AKIT IT WEBSITE & NEWSLETTER Statista The Statistics Portal

STATIS ISTA A ME MEDI DIAK AKIT IT WEBSITE & NEWSLETTER Statista The Statistics Portal that Revolutionizes Research Statista is the leading internet statistics portal , providing statistics and quantitative data on over 80,000 topics

387 views • 16 slides
Emilie Davis Creative Partner & Strategist 10 Years Specialize in identity,

Emilie Davis Creative Partner & Strategist 10 Years Specialize in identity,

Emilie Davis Creative Partner & Strategist 10 Years Specialize in identity, branding, & creative strategy for emerging businesses Large & small projects VAFMA & LVHMC Branding & Identity Identity &

676 views • 41 slides
The Dissemination Game The Dissemination Game How to communicate official statistics to

The Dissemination Game The Dissemination Game How to communicate official statistics to

The Dissemination Game The Dissemination Game How to communicate official statistics to non-expert users Intro: The Users Citizen User Information Forager Expert Section 1: Social Media 1.Tailor your content How? Quotes Slideshare

1.09k views • 62 slides
CIRA/ Colorado State University & * NOAA/NESDIS/STAR Asia- Oceania Meteorological Satellite

CIRA/ Colorado State University & * NOAA/NESDIS/STAR Asia- Oceania Meteorological Satellite

CIRA/ Colorado State University & * NOAA/NESDIS/STAR Asia- Oceania Meteorological Satellite Users Conference (AOMSUC -10), Melbourne, Australia 2-6 December 2019 1 CIRAs SLIDER Website 22 June 2017: CIRA launched SLIDER to the public

414 views • 18 slides
WordPress Users Group Manchester, NH July 13, 2015 Preparing Images for the Web Daryl

WordPress Users Group Manchester, NH July 13, 2015 Preparing Images for the Web Daryl

WordPress Users Group Manchester, NH July 13, 2015 Preparing Images for the Web Daryl Johnson SvenGrafik WHY OPTIMIZE IMAGES for WORDPRESS? 1. Page Load Times Matter to Users 2. Image Bloat Puts Search Engine Rankings at Risk 3. Slow

268 views • 23 slides
L OW COST DIGIT AL T OOL S, T IPS & T ACT ICS www.digita lc onve r sa tions.c om.a

L OW COST DIGIT AL T OOL S, T IPS & T ACT ICS www.digita lc onve r sa tions.c om.a

L OW COST DIGIT AL T OOL S, T IPS & T ACT ICS www.digita lc onve r sa tions.c om.a u T he goal of mar ke ting is to r e ac h the r ight pe ople , on the r ight c hanne ls at the r ight time . In the digital age we

811 views • 32 slides
2 -1% 8% 8% 9% Employees 8% 18-24 Retirees 34% 25-34 Public servants 17% 21% 8%

2 -1% 8% 8% 9% Employees 8% 18-24 Retirees 34% 25-34 Public servants 17% 21% 8%

2 -1% 8% 8% 9% Employees 8% 18-24 Retirees 34% 25-34 Public servants 17% 21% 8% 35-44 Workers PROFESSIONS AGE 45-54 Executives 55-64 Self-employed 8% 65-74 Students 18% 75+ Other 9% 14% No profession 5% 27% 6% 3%

674 views • 22 slides

More recommend