A cyber attack has knocked Liberia’s internet offline, as hackers targeted the nation’s infrastructure using the same method that shut down hundreds of the world’s most popular websites at the end of last month.
Researchers believe that the same group that attacked Dyn on October 21 was also behind this distributed denial of service (DDoS) attack on Liberia’s internet.
Multiple attacks against Liberia’s internet infrastructure have intermittently taken the country’s websites offline over the course of a week.
These recurring attacks took place on November 3rd, overwhelming the single cable that provides Liberia with its internet.
The source code for the Mirai botnet has been widely shared after being leaked last month, with a number of hacker groups using it to seek vulnerable connected devices that they then take over to mount DDoS attacks.
“There’re multiple different botnets, each with a different owner,” security researcher Kevin Beaumont told the BBC. “Many are very low-skilled. Some are much better.”
The hackers behind the “huge” network that attacked Liberia, dubbed botnet#14, were “much more skilled”, he said.
“The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” he wrote in a blogpost.
Thomas Fischer, threat researcher and security advocate at Digital Guardian, said that the devices connected to Mirai, like IP cameras, are alluring to hackers because they provide two points of access.
“First, a web browser or command line interface on the device itself and second a cloud-based portal or web page.”
“This provides the attacker with multiple ways to gain control of the camera. The fact that it is always-on and always-connected is a strong factor, but the real attraction is the lack of built-in security.”
A long time coming?
Stephen Gates, chief research intelligence analyst at NSFOCUS, suggested that “Researchers and analysts (like myself) have been warning organisations all over the world that this day would come, and now it’s here.”
“Since the attacks on Spamhaus in early 2013 that exceeded 300Gbps, taking a country offline in a DDoS attack became more of a reality. Doing the math, a 1Tbps DDoS attack can fill 100 – 10Gbps pipes. Many smaller countries don’t have that much bandwidth serving their entire country.”
At times the amount of data being funnelled towards Liberia exceeded 600 gigabits per second.
These attacks occurred in short bursts, some lasting 30 seconds, while the longest lasted up to a few minutes.
That is a tremendous amount of data for one system to deal with, and it inevitably shut the system down.
Net access is now restricted in the country and the situation serves as a severe warning to other countries.
As these hacking groups work out the best way to deploy the Mirai botnet, these attacks will increase in severity and longevity.
“It’s safe to say that these IoT-based attacks will become more frequent and individuals and manufacturers need to be aware of the basic attack vectors that exist,” said Simon Moffatt, senior product manager at ForgeRock.
“In a typical DDoS or botnet style attack, the victim is often not the owner and, in fact, they may not even be aware their device has been exploited by cyber criminals. Yet, as we saw with Dyn and now the attack on Liberia, the consequences can be extensive.”