A new variant of the IoT-based Mirai botnet has surfaced, creating a major distributed denial of service (DDoS) attack in Germany, as documented below.


A new wave of attacks involving the Mirai botnet has crippled internet access for nearly a million home users in Germany. The latest attacks used a new version of the Mirai malware (Linux.Gafgyt.B), which is configured to exploit a weakness found in routers widely used in Germany. While the original Mirai malware (Linux.Gafgyt) was designed to perform brute-force attacks on a range of routers, this latest variant exploits a weakness in the CPE WAN Management Protocol, which leaves TCP port 7547 open on the device. According to Germany’s Information Security Bureau, the attacks began on Sunday, November 27, and continued into Monday.

Virulent threat to IoT devices — Mirai first appeared in September, when it was used in a huge distributed denial of service (DDoS) attack against the website of journalist Brian Krebs. The malware has since spread quickly, infecting a range of IoT devices including routers, digital video recorders and web-enabled security cameras. It caused major disruption in October, when it powered a DDoS attack on domain name system (DNS) provider Dyn that temporarily knocked a number of major websites offline, including Spotify, Twitter, and PayPal.

Guarding against attack — Users of IoT devices should take a number of precautionary measures to minimize the risk of infection from Mirai and similar threats:

* Research the capabilities and security features of an IoT device before purchase
* Perform an audit of IoT devices used on your network
* Change the default credentials on devices. Use strong and unique passwords for device accounts and Wi-Fi networks.
* Use a strong encryption method when setting up Wi-Fi network access (WPA)
* Disable features and services that are not required
* Disable Telnet login and use SSH where possible
* Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary
* Modify the default privacy and security settings of IoT devices according to your requirements and security policy
* Disable or protect remote access to IoT devices when not needed
* Use wired connections instead of wireless where possible
* Regularly check the manufacturer’s website for firmware updates
* Ensure that a hardware outage does not result in an insecure state of the device
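
One way to carry out the device audit from the checklist, as an added example that is not part of the original article: it checks devices you administer for the two services the text singles out, TCP port 7547 (CPE WAN Management Protocol) and Telnet on port 23. The function names and the inventory addresses are assumptions made for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Ports named in the article: 7547 is left open by the CPE WAN Management
# Protocol; 23 is Telnet, which the checklist says to disable.
RISKY_PORTS = {7547: "CPE WAN Management Protocol", 23: "Telnet login"}


def port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def audit(devices, ports=RISKY_PORTS, timeout=1.0):
    """Probe every device in the inventory for every listed port.

    Returns {host: [(port, label), ...]} containing only exposed services.
    """
    jobs = [(host, port) for host in devices for port in ports]
    with ThreadPoolExecutor(max_workers=16) as pool:
        results = list(pool.map(lambda j: port_open(j[0], j[1], timeout), jobs))
    findings = {}
    for (host, port), is_open in zip(jobs, results):
        if is_open:
            findings.setdefault(host, []).append((port, ports[port]))
    return findings


if __name__ == "__main__":
    # Constructed inventory (assumption): replace with your own devices.
    inventory = ["192.168.1.1", "192.168.1.20"]
    for host, exposed in audit(inventory).items():
        for port, label in exposed:
            print(f"{host}: port {port} open ({label}); disable or firewall it")
```

Run from inside the home network, this shows only what the devices expose to the LAN. To learn whether port 7547 is reachable from the internet, run the same check from an outside host against your own public address.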