Full Text

There's no magic behind the success of Mirai DDoS botnets that are made up of IoT devices: the software enabling them is publicly available, which makes it easy for relatively inexperienced actors to create them and turn them loose on anyone.

Flashpoint speculates that the attacker in the case of the Dyn DDoS, which had an enormous impact on major Web sites, was the work of low-skilled script kiddies - a frightening prospect that contributes to Trend Micro's assessment that "the Internet of Things ecosystem is completely, and utterly, broken."

+More on Network World: US Senator wants to know why IoT security is so anemic+

To amass an IoT botnet, Mirai bot herders scan a broad range of IP addresses, trying login to devices using a list of 62 default usernames and passwords that are baked into Mirai code, according to US-CERT.

Mirai connects hijacked devices to an IRC-type service where it waits for commands. Often one of the first things a bot does is scan the internet for more vulnerable devices to infect. These devices are largely security cameras, DVRs and home routers. Brian Krebs, whose krebsonsecurit.com site was one of the first hit by a massive Mirai-based DDoS attack, lists some of the specific devices here.

When Mirai botnets are called upon to carry out DDoS attacks,...