Mirai Botnet Creator Ordered To Pay $8.6M for Rutgers DDoS Attacks

A federal court has ordered Mirai botnet creator Paras Jha to pay $8.6 million to Rutgers University for distributed denial of service (DDoS) attacks on the university’s networks.

Jha also must serve six months of home detention for the DDoS campaign carried out between November 2014 and September 2016, which shut down the university’s central authentication server.

The server maintained the gateway portal through which staff, faculty, and students exchanged assignments and assessments. The DDoS attacks took the portal offline on a number of occasions.

Jha, along with Josiah White and Dalton Norman, pleaded guilty in December last year to creating and operating the Mirai botnet, which recruited Internet of Things devices to launch DDoS attacks.

The defendants uncovered vulnerabilities that allowed them to surreptitiously attain administrative or high-level access to victim devices for the Mirai botnet.

The Mirai botnet at its peak enslaved hundreds of thousands of compromised IoT devices. Jha subsequently posted the source code online in the fall of 2016.

On Sept. 18, 2018, a federal court sentenced all three defendants to five years’ probation and 2,500 hours of community service. They were ordered to pay restitution in the amount of $127,000 and to abandon cryptocurrency seized during the course of the investigation.

Jha, Norman Plead Guilty to More Charges

Jha and Norman also pleaded guilty to successfully infecting more than 100,000 U.S.-based Internet-connected computing devices with malware between December 2016 and February 2017.

The two then used the compromised devices as a network of proxies through which they routed Internet traffic. The victim devices were used primarily in “clickfraud,” a type of Internet-based scheme that utilizes “clicks,” or the accessing of URLs and similar web content, for the purpose of artificially generating revenue.

Last month, European law enforcement agency Europol warned that DDoS attackers were targeting critical infrastructure. Europol said that DDoS attacks were becoming more accessible and involved low cost and low risk for attackers.

Malware Samples Targeting Internet of Things Devices Soar

There was a dramatic rise in malware samples targeting Internet of Things devices, according to a new report by Kaspersky Lab.

In fact, the security firm found three times as many malware samples in the first half of 2018 as in all of 2017. Last year, there were ten times more malware samples targeting Internet of Things devices than in 2016. “That doesn’t bode well for the years ahead,” the researchers observed.

Kaspersky Lab set up honeypots to catch cybercriminals in the act. What it found was that one of the most popular attack and infection vectors was cracking Telnet passwords.

Surprisingly, Brazil was the top country from which Telnet password attacks originated. Perennial favorite Russia only finished fourth, behind China and Japan. Better luck next time, Vlad.

Once the criminals crack the Telnet password, their favorite malware to download is Mirai.

For the first six months of 2018, the Telnet honeypot registered more than 12 million attacks from 86,560 unique IP addresses. Malware was downloaded from 27,693 unique IP addresses.

Reaper Botnet Infects Internet of Things

An alternative vector to Telnet password cracking is the Reaper botnet. By the end of 2017 it controlled about two million Internet of Things devices. Instead of targeting Telnet passwords, this botnet attacks known software vulnerabilities.

With the Reaper botnet, infections occur faster. And it is much harder to patch a software vulnerability than change a password.

“Although this method is more difficult to implement, it found favor with many virus writers,” the researchers wrote.

Infected devices that attacked Kaspersky’s honeypots included MikroTik, TP-Link, SonicWall, AVTech, Vigor, Ubiquiti, D-Link, Cisco, AirTies, Cyberoam, Hikvision, ZTE, and Miele.

“Malware for smart devices is increasing not only in quantity, but also quality. More and more exploits are being weaponized by cybercriminals, and infected devices are used to steal personal data and mine cryptocurrencies, on top of traditional DDoS attacks,” the researchers concluded.