Fears are mounting that there could soon be a rise in large scale DDoS attacks after the source code used to launch the recent crippling attack on Krebs On Security was shared on a hacker forum.
Brian Krebs' website was hit by what has been described as the largest ever DDos attack recently, and the Mirai botnet source code has now been made available for anyone to make use of. The style of attack is particularly interesting as it involves using compromised Internet of Things devices such as webcams and other connected IoT hardware.
Now that the source code is out in the wild, security experts fear that we could soon see a repeat of the Krebs attack on other sites. Krebs himself says that the leak means that follow-up attacks are "virtually guaranteed".
Attacks on the scale experienced by Krebs On Security have previously been the domain of specialist groups, but concerns are rising that increasing numbers of amateur online disruptors will be able to wreak havoc. Speaking to Ars Technica, Dale Drew from Level 3 Communications said:
There is already a surge in botnet operators attempting to find and exploit IoT devices in order to gain access to uniform and sizable botnet networks. These botnets are largely being used in [DDoS-for ransom] campaigns, which is netting the operators significant revenue and the ability to spend more time to improve their capabilities and add additional layers of sophistication.
By releasing this source code, this will undoubtedly enable a surge in botnet operators to use this code to start a new surge in consumer and small business IoT compromises. And while most of the current IoT compromises have been around a very specific telnet exploit, I predict that botnet operators–eager to command multi hundred thousand botnet nodes -- will be searching for a larger inventory of IoT exploits to take advantage of. This could be the start of a surge of attacks against IoT devices in the consumer space.
With the widespread and increasing adaption of the Internet of Things, the security of connected devices is only going to become a bigger problem. With botnet code in the wrong hands -- and many more hands than before -- it's a problem the effects of which could be felt sooner rather than later.