It would appear that the world is having trouble with the Mirai DDoS BotNet, and now she has evolved and is back online, available for rent. The world is shaken by the fact that malicious cyber-criminals are starting to provide a new type of digital hacking service. DDoS-for-hire services are becoming more and more popular, and are used by other hackers, as well as those pesky scammers that we all love to hate.
The hackers that are reportedly selling terrorist database information on the darknet, Popopret and BestBuy, are now offering new DDoS-for-hire services. In this act of cyber-terrorism, they are claiming to be renting out their version of the upgraded Mirai BotNet. So far, it is alleged that their botnet has compromised somewhere around 400,000 different pre-infected bots. I am only assuming that these hackers have reverse engineered the Mirai BotNet, while the code was available online from GitHub. I should also probably note that both alleged hackers have made headlines across the world, after they targeted several high-profile US government institutions, as well as other businesses, by making use of the GovRAT malware.
According to Bleeping Computer's reporting on the hackers, the botnet that is ready for renting may in fact offer one of the world's largest collections of these infected bots to date. According to their ad, the Mirai bots are rented out for a minimum of 2 weeks. You can request a DDoS attack to last an entire year, provided that your pockets are deep enough. The way that the two hackers have broken down their pricing for the botnet DDoS-for-hire services is rather simple.
The price is determined by the selected number of bots (the more bots, the more money), the attack duration (again, a longer duration equals more money), and finally, the cool down time (a longer cool down, less money). Customers that purchase more bots don't qualify for any type of discount, but one does obtain a discount by extending the cool down time.
A rough example of a simple attack would be something like this:
The price for 50,000 bots, which will constantly attack the target for a duration of 3,600 seconds (1 hour), with a 5-10 minute cool down timer, set for 2 weeks, is between $3k and $4k.
With this financial increase on renting the Mirai DDoS Botnet, we understand that the two hackers did their research on the botnet and upgraded it for optimized performance.
We can clearly see from the screenshot of a conversation that the hackers, Popopret and BestBuy, have made some major improvements to the Mirai BotNet, as they offer other additional services including SSH, in order to fully support the brute-force attacks needed to properly exploit the zero-day vulnerabilities in IoT devices.
Two security researchers, 2sec4u and MalwareTech, revealed on Twitter that the latest version of the botnet is easily capable of performing DDoS attacks simply by spoofing IP addresses, thus successfully bypassing any DDoS mitigation mechanisms on the servers.
The alleged sellers of the botnet have not provided any information as to exactly how their botnet avoids detection. They have also claimed to have held the source code to Mirai well before it was released publicly.
The only thing I know for sure is that only time will tell what's in store for the Internet and our IoT devices.
This article (Mirai DDoS BotNet is Back for Renting) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.