Mirai-based attack takes Liberia’s internet offline

Last week, hackers targeting Liberia’s only link to the internet, saw the country repeatedly cut off from the global computer network.

Recurrent DDoS attacks up to 3 November swamped the cable link with data, resulting in sporadic net access. Although it isn’t clear who was behind these attacks, experts said the method used was simple enough to have been launched by a lone actor, and that it appears to have come from the same source as last month’s cyberattack against Dyn.

“Over the past week we’ve seen continued short duration attacks on infrastructure in the nation of Liberia,” said Kevin Beaumont, a computer security expert interviewed by The Telegraph. “The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state.”

Mirai botnet source code online

According to experts, the Liberia attack is similar in nature to the Dyn attack, which saw some of the biggest names on the internet taken down.

“Given the volume of traffic, it appears to be owned by the actor which attacked Dyn,” said Beaumont.

Late last month, the unknown developer of Mirai released its source code to the hacking community, meaning anyone with some hacking ability can use it. The malware spreads to vulnerable devices by continuously scanning the internet for IoT systems protected by factory default or hard-coded usernames and passwords.

Need for IoT device manufacturers to build in more security

Commenting on this news, Art Swift, President at the prpl Foundation, a not-for-profit organisations that aims to make the Internet of Things more secure, said: “This new Mirai-based DDoS attack points out the critical need for IoT device manufacturers to eliminate built-in back doors and to stop the practice of shipping devices with either hard coded or difficult to change default user names and passwords.  Eliminating these practices might be the single most important step into closing millions of wide-open cyber attack doors. The prpl foundation’s recent smart home security report ranks changing default IoT user names and passwords as one of it’s top 5 smart home security recommendations.”


Edited from sources by Cecilia Rehn.