Abstract
In September of 2016, a new threat appeared on the internet that launched crippling Denial of Service Attacks against several high-profile targets. The Mirai Botnet, as it was called, took advantage of the weak security measures on Internet of Things (IoT) devices and used them to launch these DDoS attacks. The severity of these attacks awakened the technology industry to the lack of security for IoT devices. The use of IoT devices is expanding rapidly, creating an increasingly large attack surface for threats like Mirai. Multiple technology organizations have since been working to develop standards to push manufacturers to emphasize security on their devices and implement new technologies to improve security for consumers and enterprises. The renewed interest in security and the development of security standards may not be enough, as the market for IoT devices often incentivizes ease of use and practicality over security. The goal of this document is two-fold. First, I will explore the workings of one of the most disruptive pieces of malware in recent history, the Mirai Botnet. Second, I will explore methods to secure IoT devices from being compromised by malware such as the Mirai Botnet.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Casarona, J., McHale, L., McDougall, L., Gunreddy, V., Cantrell, M., Gora, M., Morozov, S., Maiti, A., Kim, I., Schaumont, P.: Research on Physical Unclonable Functions (PUFs) at SES Lab, VT, Retrieved Oct 2018 from Virginia Tech’s Bradley Department of Electrical & Computer Engineering Website: http://rijndael.ece.vt.edu/puf/background.html (2011)
Hamilton, D.: Best practices for IoT security. Retrieved Sept 2018 from Network World’s Website: https://www.networkworld.com/article/3266375/internet-of-things/best-practices-for-iot-security.html (2018, March 27)
Internet of Secure Things: what is really needed to secure the Internet of Things?. Retrieved Oct 2018 from Icon Labs’ website: https://www.iconlabs.com/prod/internet-secure-things-%E2%80%93-what-really-needed-secure-internet-things (2018)
Kepes, B.: Forget two-factor authentication, here comes context-aware authentication. Retrieved 31 Oct 2018 from Computer World’s Website: https://www.computerworld.com/article/3105866/application-security/forget-two-factor-authentication-here-comes-context-aware-authentication.html (2016, Aug 15)
Kerner, S.M.: DDoS Attack Snarls friday morning traffic. Retrieved 21 Oct 2018 from eWeek’s Website: http://www.eweek.com/security/ddos-attack-snarls-friday-morning-internet-traffic (2016, Oct 21)
Kerner, S.M.: Mirai IoT Botnet creators plead guilty for roles in cyber-attacks. Retrieved 19 Sept 2018 from eWeek’s Website: http://www.eweek.com/security/mirai-iot-botnet-creators-plead-guilty-for-roles-in-cyber-attacks (2017, Dec 13)
Kirk, J.: Review shows glaring flaws in Xiongmai IoT devices. Retrieved 17 Dec 2018 from Bank Info Security’s website: https://www.bankinfosecurity.com/review-shows-glaring-flaws-in-xiongmai-iot-devices-a-11596 (2018, October 12)
Krebs, B.: Source code for IoT Botnet “Mirai” released. Retrieved 24 Oct 2018 from Brian Krebs’s cyber-security blog, Krebs on Security. https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/ (2016, Oct 1)
Krebs, B.: Who makes the IoT things under attack?. Retrieved 11 Sept 2018 from Brian Krebs’s cyber-security blog, Krebs On Security: https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/ (2016, Oct 3)
Krebs, B.: Hacked cameras, DVRS powered todays massive internet outage. Retrieved 14 Sept 2018 from Brian Krebs’s cyber-security blog, Krebs On Security: https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/ (2016 Oct 21)
Krebs, B.: Study, attack on Krebsonsecurity cost IoT device owners 323k. Retrieved 11 Sept, 2018 from Brian Krebs’s cyber-security blog, Krebs On Security: https://krebsonsecurity.com/2018/05/study-attack-on-krebsonsecurity-cost-iot-device-owners-323k/ (2018, May 7)
Miller, S.: NIST maps Out IoT security standards. Retrieved 29 Oct 2018 from GCN’s Website https://gcn.com/articles/2018/02/15/nist-iot-standards.aspx (2018, Feb 15)
O’Niell, M.: Insecurity by design: today’s IoT Device security problem. Engineering. 2(1), 48–49 (2016)
Solomon, H.: How to secure consumer IoT Devices in the enterprise. Retrieved Oct 2018 from IT World Canada’s website: https://www.itworldcanada.com/article/how-to-secure-consumer-iot-devices-in-the-enterprise/404144 (2018, April 17)
Vanian, J.: Mirai Botnet: 3 Men Plead guilty to cybercrimes. Retrieved 19 Sept 2018 from Fortune.com: http://fortune.com/2017/12/13/%E2%80%AA%E2%80%AAmirai%E2%80%AC-%E2%80%AAbotnet%E2%80%AC-cybercrime-doj/ (2017, Dec 13)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Eustis, A.G. (2019). The Mirai Botnet and the Importance of IoT Device Security. In: Latifi, S. (eds) 16th International Conference on Information Technology-New Generations (ITNG 2019). Advances in Intelligent Systems and Computing, vol 800. Springer, Cham. https://doi.org/10.1007/978-3-030-14070-0_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-14070-0_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-14069-4
Online ISBN: 978-3-030-14070-0
eBook Packages: EngineeringEngineering (R0)