March 30, 2017

US College Suffers 54-Hour DDoS Attack from Mirai Malware Variant

Researchers have observed a new variant of the dreaded Mirai botnet in the wild after it launched a 54-hour(!) DDoS attack against an unnamed U.S. college.

Security researchers at Imperva Incapsula have revealed details about the attack, which struck the educational institution on February 28. The attack started toward the end of the month and ran continually for 54 hours, the security company revealed.

This particular variant is “more adept at launching application layer assaults” compared to other variants, which are commonly known to launch network layer attacks, researchers added.

The average traffic flow registered at 30,000 requests per second (RPS) and clocked a peak of 37,000 RPS. This peak traffic is “the most we’ve seen out of any Mirai botnet”, Imperva says. Altogether, the 54-hour DDoS marathon attack registered over 2.8 billion requests.

Researchers were able to determine the DDoS attack was based on a Mirai botnet through a number of factors including header order, values and traffic sources. Further research revealed that the pool of attacking devices included common Mirai-compromised devices such as CCTV cameras, broadband routers and DVRs.
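
The header-order signal described above can be sketched as a detection check that groups requests by the order of their header names and reports orderings that are absent from a normal-traffic baseline yet arrive from several distinct sources. This is an added example, not code from Imperva or the original article; the header orders, host name, User-Agent string and addresses are constructed sample data, and the actual Mirai header order is not given here.

```python
from collections import defaultdict

def fingerprint(raw_head: bytes):
    """Return (ordered lower-cased header names, User-Agent value)."""
    names, ua = [], ""
    for line in raw_head.split(b"\r\n")[1:]:   # skip the request line
        if not line:
            break                               # blank line ends the headers
        name, sep, value = line.partition(b":")
        if not sep:
            continue                            # malformed line, ignore it
        name = name.strip().decode("latin-1").lower()
        names.append(name)
        if name == "user-agent":
            ua = value.strip().decode("latin-1")
    return tuple(names), ua

def suspicious_clusters(requests, baseline, min_sources=3):
    """Report fingerprints missing from the baseline that are shared by
    at least min_sources distinct source addresses."""
    seen = defaultdict(set)
    for ip, raw in requests:
        seen[fingerprint(raw)].add(ip)
    return {fp: sorted(ips) for fp, ips in seen.items()
            if fp not in baseline and len(ips) >= min_sources}

def head(*headers):
    """Build a raw request head for the constructed samples below."""
    body = "".join(f"{k}: {v}\r\n" for k, v in headers)
    return ("GET / HTTP/1.1\r\n" + body + "\r\n").encode()

# Constructed sample data: both clients send the same User-Agent value,
# so only the header order tells them apart.
BROWSER = head(("Host", "www.example.edu"), ("User-Agent", "ExampleBrowser/1.0"),
               ("Accept", "text/html"), ("Accept-Language", "en-US"))
BOT = head(("User-Agent", "ExampleBrowser/1.0"), ("Host", "www.example.edu"),
           ("Connection", "keep-alive"), ("Accept", "text/html"))
BASELINE = {fingerprint(BROWSER)}   # fingerprints seen in normal traffic
SAMPLE = [("192.0.2.10", BROWSER), ("192.0.2.11", BROWSER), ("192.0.2.12", BROWSER),
          ("198.51.100.7", BOT), ("198.51.100.8", BOT),
          ("203.0.113.5", BOT), ("203.0.113.5", BOT)]

if __name__ == "__main__":
    for (order, ua), ips in suspicious_clusters(SAMPLE, BASELINE).items():
        print(f"{len(ips)} sources share order {order} with UA {ua!r}")
```

A shared fingerprint is only a lead: it still has to be correlated with traffic sources, as the researchers did, before any blocking decision.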

“While we don’t know for sure, open telnet (23) ports and TR-069 (7547) ports on these devices might indicate that they were exploited by known vulnerabilities,” researchers noted.

A majority of the compromised devices, over 70% of the botnet, stemmed from ten countries. By order of most compromised to least, they are the United States, Israel, Taiwan, India, Turkey, Russia, Italy, Mexico, Colombia and Bulgaria.

The security researchers underline the evolution of Mirai’s capabilities since the source code went public last year. Malware developers have since expanded the botnet’s range and trajectory for more elaborate and effective attacks.

Summing up the unprecedented attack, the researchers stated:

“[W]ith over 90 percent of all application layer assaults lasting under six hours, an attack of this duration stands in a league of its own.”

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
