Changes To Mirai Botnet Behavior On Election Day

Using Project Heisenberg, the Rapid7 Labs team has been tracking Mirai botnet activity since Oct. 31, and we wanted to alert you to some notable differences in behaviour.

Here are the key findings as of this evening:

• We’ve tracked over 360,000 unique IPv4 addresses associated with Mirai traffic since October 8, 2016 and have been monitoring another ramp up in activity that started around November 4, 2016
• At mid-day on November 8, 2016 the traffic volume was as high as the entire day on November 6, 2016, with all indications pointing to a probable significant increase in botnet node accumulation by the end of the day
• On November 6, 2016 the U.S. dropped out of the top 10 originating countries. As we dug into the data, we noticed a significant and sustained drop-off of Mirai nodes from two internet service providers: Comcast and UUNET (d/b/a Verizon Business)

It’s worth noting: regardless of the changes we’ve seen in the Mirai botnet over the last several days, we still do not expect Mirai, or any other online threat, to have an impact on today’s election. The most realistic, worst-case scenarios we envision for cyber-hijinks this election day are DDoS attacks, which can impact how people get information about the election.

Our full findings (with graphs) are published here: https://community.rapid7.com/community/infosec/blog/2016/11/08/election-day-tracking-the-mirai-botnet

[short_info id=’60232′]