Mirai copycats fired the IoT-cannon at game hosts, researchers find

The Mirai botnet that took down large chunks of the Internet in 2016 was notable for hosing targets like Krebs on Security and domain host Dyn, but research presented at a security conference last week suggests a bunch of high-profile game networks were also targeted.

Although Mirai's best-known targets were taken out by the early infections, other ne'er-do-well types saw its potential and set up their own Mirai deployments, finishing up with more than 100 victims on the list.

That's the conclusion suggested in a paper, Understanding the Mirai Botnet, presented at last week's Usenix Security conference in Canada last week and penned by a group spanning Google, Akamai, Cloudflare, two universities and not-for-profit networking services provider Merit Network.

The authors confirm the kinds of infection targets seen by other Mirai researchers – digital video recorders, IP cameras, printers and routers – and observe that the devices hit were “strongly influenced by the market shares and design decisions of a handful of consumer electronics manufacturers.”

Helping matters out were known administrator passwords, such as "0000000" for a Panasonic printer and "111111" for a Samsung camera.

The authors were also surprised to find targets that previous Mirai research hadn't revealed. They say the PlayStation Network was a target, as Flashpoint hinted last year, as was XBOX Live. Other groups operating Mirai botnets targeted “popular gaming platforms such as Steam, Minecraft, and Runescape.”

Even that's a small slice of the overall attack distribution, since the total of more than 15,000 Mirai attacks that ended up in the researchers' sample hit 5,046 victims on 4,730 individual IP addresses, 196 subnets, and 120 individual domain names. ®