Connect with us

Hi, what are you looking for?


Security Infrastructure

Mirai IoT Botnet Wasn’t Alone in Massive DDoS Attack: Akamai

Akamai this week shared additional details on the massive 665 gigabit per second (Gbps) distributed denial of service (DDoS) attack that targeted Brian Krebs’ website. 

Akamai this week shared additional details on the massive 665 gigabit per second (Gbps) distributed denial of service (DDoS) attack that targeted Brian Krebs’ website. 

While Akamai confirmed that the Mirai botnet was part the attack, the company also said that Mirai was only “a major participant in the attack” and that at least one other botnet might have been involved, though they couldn’t confirm that the attacks were coordinated. The company also said that the 620+ Gbps DDoS attack registered on Sept. 20 was nearly double that of the previous peak attack on its platform.

Following the attack and a subsequent incident reported by hosting provider OVH, Mirai came to the spotlight, along with the issue of insecure Internet of Things (IoT) devices.  Easy-to-guess default credentials and other vulnerabilities have made it easy for cybercriminals to create such IoT botnets. Furthermore, Mirai’s source code was released online several days ago.

Akamai says that the attack was indeed powered by an army of IoT devices, mainly security cameras and DVRs that have been used in “Small Office/Home Office” setups. “We’ve confirmed that many of these devices use either easily guessable (admin, password, 1234) usernames and passwords or the default passwords originally configured on the devices,” Daniel Shugrue, Director of Product Marketing at Akamai, explains.

He also reveals that “the attack included a substantial amount of traffic connecting directly from the botnet to the target.” Basically, the attackers didn’t rely on reflection and amplification to increase the amount of traffic to the target, although other DDoS attacks employ such techniques.

Akamai, he says, has been tracking the Mirai malware, which they refer to as Kaiten (PDF), for a few months, and has published a Threat Advisory to customers on August 8. The advisory detailed how the threat was using brute-force attacks to enslave devices that existed on a Public IP and had open ports for listening services such as Telnet, SSH, HTTP, and SMTP, and more.

The company observed that around 100,000 total login attempts were made on a vulnerable device from more than 1,800 IPs within 12 days, with China (64%), Colombia (13%), South Korea (6%), and Vietnam (6%) being the main sources of attack. SSH (57%) and Telnet (42%) were the most attacked protocols, while the top used usernames were root (75%), admin (10%), shell (6%), and sh (6%).

Similar attacks were recently observed targeting a vulnerable DVR and have been previously associated with various IoT malware families. Weak credentials or default root or admin accounts on IoT devices open the door for botnets such as Mirai or BASHLITE.

Advertisement. Scroll to continue reading.

According to Akamai, 47% of the DDoS traffic observed during the attack on Sept. 20 came from the EMEA region, 31% percent from North America, and 22% from Asia-Pacific. The company analyzed two other attacks performed on Sept. 22, and says that EMEA was once again the region generating the largest amount of traffic.

The company also reveals that attacks that match the Mirai/Kaiten malware-generated traffic were observed several months ago, and that one attack mitigated in June reached almost 250 Gbps at its peak. In their Threat Advisory, Akamai stresses on the fact that botnets compromise vulnerable systems through large-scale scanning and brute forcing default usernames and passwords.

“Some of these systems are easily compromised with publicly available exploits and knowledge. They can also be weaponized using publicly available attack toolkits and malware. These trends and tactics are unlikely to go away and the relative ease of building and renting these botnets will continue to lower the bar even further for attackers,” Akamai also says.

Related: Hacker Releases Source Code of IoT Malware Mirai 

Related: DDoS Attacks Are Primary Purpose of IoT Malware 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Security Infrastructure

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Security Infrastructure

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a...

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture

Security Infrastructure

While silos pose significant dangers to an enterprise's cybersecurity posture, consolidation serves as a powerful solution to overcome these risks, offering improved visibility, efficiency,...