Image: Alison DeNisco/TechRepublic
Hackers attempted four Mirai botnet Distributed Denial of Service (DDoS) attacks against the campaign websites of Hillary Clinton and Donald Trump this week, according to findings from cybersecurity firm Flashpoint.
On Sunday, the company observed a 30-second HTTP layer 7 attack against Trump’s website. On Monday, it found a separate set of attacks against both Trump’s and Clinton’s campaign sites. But neither site observed or reported an outage, Flashpoint analysts noted in a post on the company’s website.
“While each of these attacks appear to be distinct and powered by different groups, they were all perpetrated using Mirai-based botnets, all categorized as HTTP layer 7 attacks, and all lasted for 30 seconds,” according to Flashpoint cyber intelligence analysts. HTTP layer 7 attacks often target specific areas of a website, making them difficult to separate from normal traffic.
The identity of the hackers remained unknown as of Election Day. However, one known hacker claimed credit for the first set of attacks against Trump’s website, Flashpoint noted: Jono Gaukster tweeted the following to Trump just 30 minutes after the attack.
These DDoS attacks were limited to the candidates’ websites and have neither targeted nor impacted the infrastructure of the electoral process, Flashpoint analysts said in the post.
“Flashpoint assesses with high confidence that these attacks were not perpetrated by a state actor,” the post stated. “This attack, in addition to other more powerful, higher-profile attacks associated with the Mirai botnet, all align closely with tactics, techniques, and procedures commonly executed by hackers operating from underground forums.”
The attempted attacks may not have been politically motivated, the Flashpoint post said. These underground hackers are often driven by the desire for attention, credibility, or disruption, and concerns over Election Day attacks offer an opportunity to capitalize on that, the firm noted.
Spread of the Mirai botnet
The Mirai botnet—an open source, denial of service toolkit—infects Internet of Things (IoT) devices with weak security (such as default usernames and passwords) to launch DDoS attacks.
With the release of the Mirai botnet source code, it’s likely that the botnet has been fractured into smaller, competing botnets—leading more hackers to attempt to use it, analysts said in the post.
“We have been lately seeing more and more of these compromised devices getting involved in classic DoS attacks,” said Engin Kirda, professor of computer science at Northeastern University. “I would say that there is a good chance that we will see more IoT devices in cyber attacks going forward.”
These attempted presidential candidate hacks follow last month’s DDoS attack on internet performance management company Dyn, which left companies including Twitter, Amazon, and Netflix without service throughout the day on October 21. It marks one of the largest DDoS attacks ever performed. Devices infected with the Mirai botnet were partially to blame, security firms found.
While DoS attacks are difficult to protect against in some cases, such as for smaller organizations with fewer resources, they are generally not incredibly sophisticated because they are “loud and noisy,” Kirda said. “From an election point of view, I would not be concerned,” he said.
“In the future, I’d be more concerned about stealthy, targeted types of attacks that aim to access and leak sensitive (and also potentially fabricated) information and influence people’s perception of organizations and candidates,” Kirda said.
The fragmentation of the botnet will likely make future attacks weaker, said Ronnie Tokazowski, senior malware analyst at Flashpoint. “IoT device vendors are now more aware of the vulnerabilities, so hopefully we will see less of this in the future,” Tokazowski said.
Flashpoint will continue to track the Mirai botnet in the future, the post stated.
The 3 big takeaways for TechRepublic readers
- This week, hackers attempted four DDoS attacks against the campaign websites of Hillary Clinton and Donald Trump using the Mirai botnet, according to cybersecurity firm Flashpoint.
- It was likely unsophisticated actors that perpetrated the attack, as neither website observed or reported an outage, Flashpoint found.
- The DDoS attacks were limited to the candidates’ websites, and have not targeted the infrastructure of the electoral process, Flashpoint analysts said.