Mirai, the and most powerful Distributed Denial of Service (DDoS) attack ever registered, was publicly posted online on Friday, prompting fears within the online gambling community that hackers have a potent new tool to hold them to ransom. The coding for the malware was published anonymously on hacking community website HackForums.
Internet gaming companies have been subject to DDoS attackers since the early days of the industry, of course, but the number of attacks have increased in recent years. DDoS hackers overwhelm a company’s website with thousands of meaningless requests for information, temporarily paralyzing it until a demanded ransom is paid or the site’s technicians or web-hosting company are able to fend off the threat.
Horse of a Different Color
But Mirai is something altogether different. It first surfaced on September 20, when it attacked digital security news portal KrebsOnSecurity, knocking it offline for 24 hours. Krebs reported that it was the most powerful DDoS attack ever recorded by its web-hosting service, Akamai Technologies. It flooded the site’s servers with information 620-gigabit-per-second (Gbps), which is more than twice as much as anything Akamai had ever seen before.
Just days later, French web-hosting company OVH reported two attacks, the first one reaching an extraordinary volume of 1.1 terabits-per-second (Tbps).
Akamai’s senior security expert Martin McKeay told his client that he had never before seen a bot with such terrifying capabilities. McKeay noted that the attacks were multitudinous in nature, and coming from every place on the face of the planet.
Mirai harnesses the power of thousands of Internet of Things (IoT) devices, focusing them on a central server, or botnet, to boost the power of an attack.
Increase in Attacks Puts Industry on Alert
Last year, McKeay’s company reported that the online gambling sector had become the most frequently targeted one ahead of its own, which is software and technology. Attacks were being fueled by the easy availability of DDoS-for-hire sites that identify and exploit exposed internet services. Some of these sites offer their services for as little as $38 per hour, while the attacks themselves can cause tens of thousands of dollars-worth of damage per hour.
“Akamai has been seeing greater numbers of denial of service attacks every quarter, and the upward trend continued in the most recent quarter,” said the company. “Although recent DDoS attacks were on average smaller and shorter, they still posed a significant cloud security risk,” said John Summers, vice president of Akamai.
But now there is a new threat. It’s more powerful than anything we’ve seen before and it’s in the public domain. Online gambling companies could well be the next target, and they are unsure how to completely protect themselves and their customers.