Mirai DDoS could be back, as it adds 13 more router brands to its arsenal

A Mirai variant was seen targeting multiple router brands

The dreaded Mirai distributed denial of service (DDoS) botnet might be set for a return after researchers spotted a lookalike botnet expanding fast.

Cybersecurity researchers from Fortinet recently observed a botnet called IZ1H9 adding a dozen new payloads. The botnet is based on Mirai, and targets routers from almost a dozen manufacturers, vulnerable to multiple flaws. The routers being targeted with new payloads include those built by D-Link, Netis, Sunhillo, Geutebruck, Yealink, Zyxel, TP-Link, Korenix, TOTOLINK, and possibly Prolink. The vulnerabilities the hackers are going for with these payloads date from 2015 to 2023.

Apparently, the exploitation rates peaked in early September 2023, reaching “tens of thousands” of attempts on vulnerable endpoints.

Adding more bots

DDoS attacks are a common tactic among cybercriminals, in which they disrupt internet-facing websites and services. They overwhelm the target servers by directing obscene amounts of traffic their way until the servers can no longer handle it all and crash. Although it might seem trivial, especially because the average DDoS attack lasts less than 10 minutes, the attacks can cause all sorts of damage to a company (especially financial damage) and could last agonizingly long.

DDoS attacks are often used in synergy with other forms of cyberattacks. In some cases, threat actors would disable the victim’s back-end with ransomware, and the front-end with DDoS. Then, they’d demand payment in cryptocurrency in exchange for both the decryption key for the data in the back-end, and for restoring the front-end.

To be able to overwhelm a server, a botnet needs many endpoints, or bots, to send countless data requests. That’s why botnets strive to compromise and assimilate as many devices as possible. Routers, connected TVs, smart home appliances, and everything else that connects to the internet, can be used. Recently, Google said it mitigated the largest DDoS attack ever recorded, peaking at almost 400 million requests per second.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
