Computer code that can be used to launch attacks that take down websites has been released online, putting website owners at risk.
The 'Mirai' source code was posted on a widely used hacker forum over the weekend. It is believed that the same technique was used to shut down the website of security researcher Brian Krebs in late September, in an attack that directed 620 gigabits of data at the site, enough to bring it down.
It was initially believed that the attack on Krebs' website was one of the biggest web assaults ever. However, soon after, two simultaneous attacks were launched on French hosting firm OVH, which was targeted by over 1 terabit of data.
Security researchers indicate that these attacks managed to generate so much data by seeking out insecure and compromised devices under the Internet of Things umbrella. These include webcams, routers, DVRs, and thermostats, which owners can control over the internet.
The Mirai code has a built-in scanner that looks for vulnerable devices. Devices it finds are enrolled into a botnet, which is then used to power a Distributed Denial of Service (DDoS) attack.
"There is already a surge in botnet operators attempting to find and exploit IoT devices in order to gain access to uniform and sizable botnet networks," said Dale Drew, a chief security officer at Level 3, in a statement to Ars Technica. He adds:
"By releasing this source code, this will undoubtedly enable a surge in botnet operators to use this code to start a new surge in consumer and small business IoT compromises. And while most of the current IoT compromises have been around a very specific telnet exploit, I predict that botnet operators–eager to command multi hundred thousand botnet nodes–will be searching for a larger inventory of IoT exploits to take advantage of. This could be the start of a surge of attacks against IoT devices in the consumer space."
At this point, it is highly advisable to check that your routers and anything else connected to the internet have a proper security setup. Using a strong password always goes a long way toward keeping your devices out of the hands of hackers who plan to use unsecured devices, or IoT devices still using default admin passwords, to launch the next big attack on websites.