AT&T: Mirai’s Rise Seen in IoT Vulnerability Scans

AT&T said it saw a spike in scans for vulnerable IoT devices in the months leading up to the Mirai botnet attacks. (Image courtesy of AT&T)

In brief: In a new report, Internet provider AT&T said that scans for vulnerable IoT devices spiked in the first half of 2016, months before the Mirai botnet, made up largely of IoT devices, launched denial of service attacks on DYN and other targets.

In a new report, Internet provider AT&T said that it observed signs of the rise of the Mirai botnet months before it became a household word with attacks against managed DNS provider DYN and the web site Krebsonsecurity.com.

AT&T witnessed a 400% increase in scans for ports and protocols used by Internet of Things devices across the AT&T network in the first six months of 2016, which AT&T said was “a clear sign that IoT devices were being recruited.” The Mirai botnet burst onto the scene in October, 2016 with massive denial of service attacks launched from hundreds of thousands of infected cameras, digital video recorders and broadband routers.

A few months later, tens of thousands of IoT devices were commandeered to launch a series of major DDoS attacks on two large internet providers.

[Read Security Ledger’s coverage of the Mirai botnet here.]

AT&T said that the Internet of Things represents a new threat, but that few companies have adjusted their security thinking and investment to address the risks posed by connected devices. The company called on companies to set minimum standards for connected endpoints, for example: requiring unique passwords and applying software patches and updates.

Other improvements organizations need to embrace are software defined networking, improve identity and access management systems and use threat analytics, AT&T said it its report.

Comments are closed.