British security researcher Kevin Beaumont recently reported that a series of massive cyber attacks using the Mirai DDoS botnet periodically disabled all Internet access throughout the country of Liberia.
“Liberia has one Internet cable, installed in 2011, which provides a single point of failure for Internet access. … The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” Beaumont wrote.
An employee at a Liberian mobile service provider told Network Worldthat the attacks were hurting his business. “It’s killing our revenue,” he said. “Our business has been targeted frequently.”
Beaumont said it appears that the attacks, which targeted Liberian telecom operators who co-own the single Internet cable, were being used to test denial of service techniques.
Given the volume of traffic, more than 500 Gbps, Beaumont said it appears that the botnet is owned by the same actor who hit the managed DNS provider Dyn on October 21, disabling websites across the U.S.
Mikko Hypponen, chief research officer at F-Secure, told VICE News that those actors were probably… kids. “Kids who have the capability and don’t know what to do with it,” he said.
Flashpoint director of security research Allison Nixon agreed with that assessment, stating in a blog post, “The technical and social indicators of this attack align more closely with attacks from the Hackforums community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivisits, nation states, and terrorist groups.”
Still, NSFOCUS chief research intelligence analyst Stephen Gates told eSecurity Planet by email that attacks like these could have a real impact on tomorrow’s U.S. presidential election.
While U.S. polling machines aren’t connected to the Internet, Gates said, some voter identification systems may be. “In some states, the voter ID must be checked before a voter can proceed,” he said. “If those systems are connected to the Internet to gain access to a database of registered voters, and they were taken offline, then would-be voters could not be verified.”
“What that would mean to the election process is anyone’s guess,” Gates added.
According to Nexusguard’s Q3 2016 DDoS Threat Report, the number of reflection-based DDoS attacks fell more than 40 percent during the third quarter of the year, while IoT-based botnets reached unprecedented speeds. The U.S. saw the most attack events in the third quarter, followed by China, Russia and the United Kingdom.
“Few service providers can sustain the level of malicious traffic we saw in Q3 from IoT botnets, so these DDoS outages are causing companies to completely rethink their cybersecurity strategies,” Nexusguard chief scientist Terrence Gareau said in a statement.
“Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors,” Gareau added.