Botnet Attack Takes Out Liberia’s Internet Service As Attackers Threaten UK Companies And Security Researchers

It’s been two weeks since a botnet wreaked havoc in some parts of the United States. Using Mirai malware, hackers were able to penetrate into IoT devices through which they were able to deny some users access to some big sites like Twitter, PayPal, Netflix, Spotify and Amazon. But in the week leading to the 31^st of October, a botnet called Botnet #14 took the entire West African nation of Liberia offline. Botnet 14 continuously attacked IP addresses allocated to two companies that co-own Liberia’s fibre cable.

How they identified that Liberia as a major target in the attacks.

[xyz-ihs snippet=”Botnet-14″]

A Twitter account that goes by @MiraiAttacks which reports such attacks alerted followers that a certain IP was under attack and it was at that point that a UK based security expert Kevin Beaumont noticed this and then identified that the IP as belonging to Liberian firms. “Over the past week we’ve seen continued short duration attacks on infrastructure in the nation of Liberia. Liberia has one internet cable, installed in 2011, which provides a single point of failure for internet access. From monitoring we can see websites hosted in country going offline during the attacks — additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack. The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state.”

While the attacks seems to have stopped by the 2^nd of November, the attacks were significant. The Dyn attack that denied service to some users in the US was said to have been around 1.1 terabyte-per-second, the Liberian one was estimated to have been about 500 gigabits per second. That’s quite big for a nation that has just one fibre cable that serves its 4.3 million people and 6 percent of whom have access to the internet.

But Beaumont believes the attackers may have been testing out their skills but in any case, Mirai attacks of this nature are extend to continue for some time. Right now the malware source code is on the dark web and can be used at any time to launch attacks. This brings to light the security issues that comes with Internet of Things (IoT) devices.

The Liberian companies have put anti-DDoS measures in place against future occurrences according to reports.

The attackers are sending threat messages about the United Kingdom while threatening researchers like Kevin with attacks should they keep making the public aware of such activities.