March 30, 2017

US College Suffers 54-Hour DDoS Attack from Mirai Malware Variant

Researchers have observed a new variant of the dreaded Mirai botnet in the wild after it launched a 54-hour(!) DDoS attack against an unnamed U.S. college.

Security researchers at Imperva Incapsula have revealed details about the attack, which struck the educational institution on February 28. The attack started toward the end of the month and ran continuously for 54 hours, the security company revealed.

This particular variant is “more adept at launching application layer assaults” than other variants, which are commonly known to launch network layer attacks, researchers added.

The average traffic flow registered at 30,000 requests per second (RPS) and clocked a peak of 37,000 RPS. This peak traffic is “the most we’ve seen out of any Mirai botnet”, Imperva says. Altogether, the 54-hour DDoS marathon attack registered over 2.8 billion requests.

Researchers were able to determine that the DDoS attack came from a Mirai botnet through a number of factors, including header order, header values and traffic sources. Further research revealed that the pool of attacking devices included commonly Mirai-compromised devices such as CCTV cameras, broadband routers and DVRs.

“While we don’t know for sure, open telnet (23) ports and TR-069 (7547) ports on these devices might indicate that they were exploited by known vulnerabilities,” researchers noted.

A majority of the compromised devices, over 70% of the botnet, were located in ten countries. In order from most compromised to least, they are the United States, Israel, Taiwan, India, Turkey, Russia, Italy, Mexico, Colombia and Bulgaria.

The security researchers underline the evolution of Mirai’s capabilities since the source code went public last year. Malware developers have since expanded the botnet’s range and trajectory for more elaborate and effective attacks.

Summing up the unprecedented attack, the researchers stated:

“[W]ith over 90 percent of all application layer assaults lasting under six hours, an attack of this duration stands in a league of its own.”

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
