The cyber attack that affected nearly a million customers of German internet provider Deutsche Telekom this weekend was likely caused by a modified version of the Mirai worm which exploits vulnerabilities in Internet of Thing devices.
The malware that disrupted TV and phone networks apart from TVs, actually crashes Internet of Thing devices or uses them as part of a botnet in distributed denial of service (DDoS) attacks, Wired reported Tuesday.
The botnet attack affected just under five per cent of the ISP’s 20 million customers in Germany at its peak, hitting 900,000 people at its peak.
The security vulnerability was being exploited by the attack in at least two models of Deutsche Telekom’s customer routers, allowing a malicious virus to enter through an unsecured port.
A patch was issued by the company for two models affected by the hack (Speedport W 921V and Speedport W 723V Type B) and advised users to reboot their routers for clearing the virus from their devices.
Similarly on September 20 2016, the Mirai botnet was used to target the website of American cyber security journalist Brian Krebs, directing up to 620 gigabits of traffic every second from hacked IoT devices including CCTV cameras.
During that time, the Mirai source code was posted onto the hacking community website Hackforums.net. Under the name “Anna-senpai” the user released the source code and said, “Today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”
After the attack on Krebs’ website on 21 October 2016, Mirai was used to attack the internet services company Dyn, resulting into mass outages on Twitter, Spotify and Paypal.
Then, the same source code was also used on November 15 to attack Liberia’s internet infrastructure, hitting large parts of the country to offline.