
U.S. college endures 54-hour Mirai variant attack

In Education, Government, Security by The Stack


An unnamed college in the United States was the target of a distributed denial of service (DDoS) attack, launched using a variant of the Mirai botnet.

The attack lasted over 54 hours straight, from February 28 through March 3. This makes the attack notable for duration alone, in a world where the average DDoS attack lasts approximately 8 hours.

Researchers from Imperva Incapsula, the security company employed by the school, immediately identified the attack as originating from a Mirai variant botnet due to the Mirai signatures that were available, including header values and traffic sources.

However, the bots in the attack used 30 user agents, all different from the five that are hardcoded into the default Mirai version. Combined with the size and duration of the attack, this led the security researchers to conclude that they were dealing with a new, application-level variant of Mirai. This variant is distinct from the publicly available default Mirai, which was responsible for last year's network-level DDoS attacks on Dyn DNS and Krebs on Security.

Traffic during the attack averaged 30,000 requests per second (RPS), peaking at 37,000 RPS. Over the 54-hour attack, the college network was hit with over 2.8 billion requests. Traffic originated from 9,793 IP addresses worldwide, with the majority in the U.S., Israel and Taiwan.

The devices harnessed to launch the DDoS attack included CCTV cameras, routers, and DVRs. The researchers discovered that 56% of the DVRs used in the attack came from a single manufacturer, which has been notified of the role of its products in the attack.

The security company noted that the attackers may have exploited recognized vulnerabilities through open telnet and TR-069 ports. Last November, researchers at Bad Cyber linked the TR-069 vulnerability with a variant of Mirai, which may have been used in the college attack.

The researchers noted that less than a day later, another DDoS 'burst' attack was launched at the same target, but it lasted only an hour and reached half the average requests per second of the original attack. Several more bursts are expected before the hackers move on.
