Essential Guide

Get started Bring yourself up to speed with our introductory content.

How the Mirai botnet changed IoT security and DDoS defense

The Mirai botnet targeted many high-profile organizations, causing massive disruption. This guide reviews the outbreak of Mirai, the emergence of variants of the original threat and new DDoS mitigation strategies.


The Mirai botnet has affected hundreds of thousands of internet of things (IoT) devices since it first emerged in the fall of 2016. With its original malware and countless spinoffs, Mirai has kept security professionals busy and launched a new era of IoT security threats.

Understanding what happened with Mirai -- and what is still happening -- can go a long way to strengthening distributed denial-of-service (DDoS) attack defense. This guide is a collection of the most important events and takeaways from the outbreak of the Mirai botnet and its variants.

1Latest developments-

What's new with the Mirai botnet

Recent events around Mirai relate to the legal and technical fall out -- accused creators and operators of the botnet are facing charges; the industry is calling for better, more secure IoT designs; and the next generation of the Mirai botnet is taking shape and wreaking havoc.


Mirai creators and operators plead guilty to federal charges

The Department of Justice announced guilty pleas from the three Mirai creators and operators behind the massive worldwide botnet DDoS attacks in 2016. Continue Reading


Okiru malware puts billions of connected devices at risk

News roundup: Okiru, a new Mirai variant, could put over 1.5 billion devices at risk of a botnet. Plus, G Suite Enterprise now comes with a security center, and more. Continue Reading


Next-gen Mirai botnet targets cryptocurrency mining operations

A variant of the Satori botnet, a successor of the IoT device hijacking Mirai botnet, is designed to hijack cryptocurrency mining operations, syphoning off newly created digital coins Continue Reading


Next-gen Mirai botnet sparks calls for more secure IoT design

News of a 100,000 device strong IoT botnet that could cripple the internet has sparked a fresh call for manufacturers of IoT devices to do more to ensure they cannot be hijacked for malicious purposes Continue Reading


Global hacker botnet tops 6 million hijacked devices

A year after the first Mirai botnet attacks, the global botnet has grown, with many countries and cities unwittingly hosting large number of bot-infected devices Continue Reading

2Mirai botnet variants-

The threat doesn't end with Mirai

Hackers have leapt through the window Mirai opened and created spinoffs of the original malware. Different malware instances and botnets used Mirai as a starting point and implemented new functionality to target routers and other IoT devices.


How does BrickerBot threaten enterprise IoT devices?

BrickerBot is similar to other IoT malware like Mirai, Hajime and others. Expert Judith Myerson explains what makes BrickerBot different, and what can be done to defend against it. Continue Reading


Hajime malware: How does it differ from the Mirai worm?

Hajime malware was discovered to have links to the Mirai botnet that launched powerful DDoS attacks last year. Expert Nick Lewis explains how Hajime differs from Mirai. Continue Reading


Modified Mirai botnet could infect five million routers

Researchers said a modified version of the Mirai botnet code has been attacking routers by exploiting a specific vulnerability and may leave millions at risk. Continue Reading


More than 2,000 TalkTalk routers hijacked by Mirai botnet variant

Security researchers are urging ISPs to issue emergency patches for Marai botnet infections after 2,374 TalkTalk routers were linked in a regional botnet Continue Reading

3The history of Mirai-

How the threat of the Mirai botnet got so bad

From the Dyn disruption that took down part of the internet to the botnet attack on the largest telecom company in Germany, here is a look at the early history of the Mirai botnet and how it put the world on notice.


Release of Mirai IoT botnet malware highlights bad password security

Mirai, the IoT botnet malware code used in the massive DDoS attack on Brian Krebs' website, has been released to the public and highlights a problem of using default passwords. Continue Reading


Details emerging on Dyn DNS DDoS attack, Mirai IoT botnet

As more details emerge on last week's massive Dyn DNS DDoS, new analysis indicated as few as 100,000 Mirai IoT botnet nodes were enlisted in the incident and reported attack rates up to 1.2 Tbps. Continue Reading


Deutsche Telekom botnet attack underlines infrastructure vulnerabilities

German telco says its broadband outages are linked to a botched attempt to hijack routers, which security experts say further underlines the cyber threat to internet connected infrastructure Continue Reading


In a post-Mirai world, the FTC wants more secure routers from D-Link

The Federal Trade Commission filed a lawsuit against D-Link, and experts said the move was likely to push more secure routers in the wake of the Mirai botnet attacks. Continue Reading


Suspect in Mirai malware attack on Deutsche Telekom arrested

News roundup: U.K. authorities arrested a suspect in the Mirai malware attack on Deutsche Telekom. Plus, a judge denies a government request to collect fingerprints, and more. Continue Reading

4Botnet mitigation strategies-

How to stop the Mirai botnet in its tracks

Since hackers were able to cause such widespread disruption with Mirai, the security industry was forced to develop new tactics and defenses for these massive DDoS attacks. These are the lessons the world has learned and the options available to mitigate the effects of another Mirai botnet.


What can enterprises do to prevent an IoT botnet attack?

An IoT botnet attack on Huawei home routers showed similarities to the Mirai malware. Expert Judith Myerson explains the threat and how enterprises can protect themselves. Continue Reading

Blog Post

What we can learn from the Mirai botnet attack

Mirai was a wake-up call; worse attacks are possible. It's time for device makers and data stakeholders to assess the importance of IP support in IoT. Continue Reading


Nematode worm could dismantle Mirai IoT botnet

A new nematode worm proof of concept could help the internet avoid the next massive Mirai IoT botnet DDoS attack, but experts are unsure of the legality of the option. Continue Reading


Corero Network Security on why DDoS mitigation strategy must improve

Corero Network Security's Dave Larson talks with SearchSecurity about how the Mirai botnet attacks have forced companies to change their DDoS mitigation strategy. Continue Reading


Get the best botnet protection with the right array of tools

Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can. Continue Reading

5Definitions to know-

Get familiar with the terminology

If you want to understand what happened with the Mirai botnet attacks, get to know the terminology.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.