Mirai and Amnesia: Early lessons in attacks against IoT, part one

Since the early days of the internet of things, those of us who work in the world of vulnerabilities and threats have been warning about the risks associated with IoT.

When the Mirai botnet attacks came in late 2016, many felt that IoT attacks were finally here and started looking at the past for parallels. We didn’t have to look far: Over sixteen years after the distributed denial-of-service attacks that took down Yahoo, Fifa.com, Amazon.com, Dell, E-Trade, eBay and CNN in February 2000, here was another massive DDoS attack.

These early attacks came at the beginning of what turned out to be years of large-scale attacks against PCs. So the logical question is: Does Mirai represent the same thing? Are IoT attacks here and are we looking at the beginning of another era of large-scale attacks?

At first glance, this would look to be the case. After all, one thing that enabled the large-scale PC attacks was the lack of truly effective patching against vulnerabilities. It’s notable that major attacks like Code Red, Nimda, Blaster, Sasser, Zotob and Conficker all attacked vulnerabilities for which patches were already available when the attacks hit. When we look at IoT, and the fact that in many cases vulnerable devices will never be patchable, let alone patched, it’s reasonable to think that this problem will be even worse. Add to this the sheer scale of IoT compared to PCs in the early 2000s, and not only does it seem reasonable to conclude that IoT attacks will be like those that we saw in the PC era, it already seems like a foregone conclusion.

And the specifics of the Mirai attacks seem to support this conclusion. One thing that made everyone take notice of Mirai was, again, the sheer scale. The Mirai attack against Brian Krebs’ site was clocked at up to 620 gigabits per second of network traffic, and a follow-on attack against French web host OVH hit a peak of 1.1 terabits per second. As the world was reeling from these attacks, the Mirai source code went public and everyone was bracing for the worst.

But then something funny, and important, happened.


In the months since Mirai there have been no additional follow-on attacks. The security press has moved off IoT altogether, focusing in the spring and summer of 2017 on WannaCry and then Petya. You’d be excused if you happened to miss Mirai last fall and thought that we were still waiting for IoT attacks to begin.

Much like the dog that didn’t bark in Conan Doyle’s “Silver Blaze” Sherlock Holmes story, the post-Mirai non-events tell us a lot about what the world of IoT attacks on the internet may look like. And it’s looking less dire than it did during the PC-era internet.

Check back to this column for part two in the series, which will take a closer look at the Amnesia botnet as another recent example of a large-scale IoT attack that can be leveraged for lessons learned when securing the IoT.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.