Security experts are claiming that the notorious Mirai botnet has now fractured into smaller competing entities after the attempts of one offshoot to DDoS the websites of both presidential candidates failed.
The source code for the Mirai malware was released in early October, leading to the compromise of large numbers of IoT devices which were subsequently used to take down KrebsonSecurity site, as well as French hosted OVH and, most famously, DNS firm Dyn.
However, the very fact that the source code has been made available to all means its effectiveness is waning, according to security firm Flashpoint.
“Though not impossible, overcoming this competition is a considerable challenge and so far, the IoT botnet landscape appears to be saturated with too many would-be controllers and not enough new vulnerable devices,” said the firm. “Due to these factors, the botnet’s fracturing has significantly lowered the impact, efficacy, and damage of subsequent attacks since the Mirai source code’s release and the attack on Dyn.”
On Sunday and Monday, attackers tried and failed to take down the official websites of Donald Trump and Hillary Clinton in brief Layer 7 DDoS attempts.
“Flashpoint assesses with high confidence that these attacks were not perpetrated by a state actor,” the blog continued. “This attack, in addition to other more powerful, higher-profile attacks associated with the Mirai botnet, all align closely with tactics, techniques, and procedures commonly executed by hackers operating from underground forums.”
There still exists a chance that the websites of organizations which point out where polling stations are and arrange transportation for voters could be targeted, as could the online voting platforms of five states, according to Imperva.
The security vendor last week released a Mirai scanning tool for consumers to check whether they own a device which is infected or vulnerable to the malware.