Cybersecurity Threats in IoT: A Case Study of the Mirai Botnet Attack
VerifiedAdded on 2025/05/01
|13
|2357
|165
AI Summary
Desklib offers past papers and solved assignments. This report analyzes the Mirai Botnet attack on IoT systems.
CYBER SECURITY REPORT
Student Name:
Student ID:
Contents
Student Name:
Student ID:
Contents
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Introduction......................................................................................................................................3
Cybersecurity and IoT.....................................................................................................................4
Cybersecurity...............................................................................................................................4
Cybersecurity and IoT.................................................................................................................4
Major cybersecurity threats for IoT.............................................................................................6
Mirai Botnet Attack (aka Dyn Attack)............................................................................................8
Mirai development and execution...............................................................................................9
Major causes and Impacts..........................................................................................................10
Recommendations..........................................................................................................................11
Conclusion.....................................................................................................................................12
References......................................................................................................................................13
Cybersecurity and IoT.....................................................................................................................4
Cybersecurity...............................................................................................................................4
Cybersecurity and IoT.................................................................................................................4
Major cybersecurity threats for IoT.............................................................................................6
Mirai Botnet Attack (aka Dyn Attack)............................................................................................8
Mirai development and execution...............................................................................................9
Major causes and Impacts..........................................................................................................10
Recommendations..........................................................................................................................11
Conclusion.....................................................................................................................................12
References......................................................................................................................................13
Introduction
The report presented here will is for the representation of the various concepts related to
cybersecurity and IoT and cybersecurity threats in IoT. The main aim of the report is to elaborate
on the major threats by using an example. The Mirai Botnet Attack is the example selected here
for the elaboration. The Mirai Botnet Attack is also known by the name of the Dyn cyberattack.
The attacks were encountered in the year 2016, with forming of a series of the DDoS i.e.
Distributed Denial of Service attack on the DNS provided the company Dyn. The report also
explains the main threats to the cybersecurity and IoT that can be encountered and a detail
discussion on the Dyn attack of DDos. The report will also include a series of recommendation
that can be provided for the improvement of cybersecurity in IoT based services and systems.
The report presented here will is for the representation of the various concepts related to
cybersecurity and IoT and cybersecurity threats in IoT. The main aim of the report is to elaborate
on the major threats by using an example. The Mirai Botnet Attack is the example selected here
for the elaboration. The Mirai Botnet Attack is also known by the name of the Dyn cyberattack.
The attacks were encountered in the year 2016, with forming of a series of the DDoS i.e.
Distributed Denial of Service attack on the DNS provided the company Dyn. The report also
explains the main threats to the cybersecurity and IoT that can be encountered and a detail
discussion on the Dyn attack of DDos. The report will also include a series of recommendation
that can be provided for the improvement of cybersecurity in IoT based services and systems.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Cybersecurity and IoT
Cybersecurity
The cybersecurity is the known practice in which the various systems, programs, and networks
are protected from the attacks of the digital world. The cyber-attacks or attacks of the digital
world have the aim to change, access or delete the information whether sensitive or public, from
the systems or networks and use that information against the people for the personal benefits.
The successful system with the right cybersecurity measures is implemented using the various
layers of the cybersecurity and authentication and access granted. In the process of providing the
cybersecurity to the organization, there must be one system consisting of the employee, systems,
and network that should work together to support each other and ensure security in the
organization (Cybersecurity, 2019).
Cybersecurity and IoT
The IoT systems are very much different from the use of the internet in traditional ways. The use
of IoT does not compulsorily require any kind of the human interaction and these systems
depend on the devices and appliances like the sensors to collect the information, process
information, analyze and obtain results. The IoT technology provides better technology and new
Cybersecurity
The cybersecurity is the known practice in which the various systems, programs, and networks
are protected from the attacks of the digital world. The cyber-attacks or attacks of the digital
world have the aim to change, access or delete the information whether sensitive or public, from
the systems or networks and use that information against the people for the personal benefits.
The successful system with the right cybersecurity measures is implemented using the various
layers of the cybersecurity and authentication and access granted. In the process of providing the
cybersecurity to the organization, there must be one system consisting of the employee, systems,
and network that should work together to support each other and ensure security in the
organization (Cybersecurity, 2019).
Cybersecurity and IoT
The IoT systems are very much different from the use of the internet in traditional ways. The use
of IoT does not compulsorily require any kind of the human interaction and these systems
depend on the devices and appliances like the sensors to collect the information, process
information, analyze and obtain results. The IoT technology provides better technology and new
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
ways to handle and manage the day to day activities but this also introduces the new types of
threats to cybersecurity and compromises to the data. The evolution of the IoT systems according
to the new requirements introduces various risks like the:
1. The integration of devices and internet is not risk-free.
2. The new challenges to cybersecurity and the introduction of something new.
3. There is a standard risk on a global level.
4. The problems that can be introduced at the time of retrofitting (Lu, and Da Xu, 2018).
To provide the right type of cybersecurity to the IoT systems, there are various challenges:
1. Access control- this is the provision that allows the authorized person to access the
system or service. The authorization is for both the user and the device used to access or
information.
2. Confidentiality- the principle that is used to control the access of the information is
known as confidentiality. The system is designed so that unauthorized access or access by
the wrong people can be prevented. The principle allows the sale of sensitive data from
the intruders.
3. Authentication- the user that is accessing the system or security, defines itself to be
authenticated for use. The access control varies from user to user and is provided using
some type of the username or password. At the time of the authentication, the user is
verified against the credentials used by the user to enter in the system or to access the
information or service.
Figure 1: IoT security challenges
threats to cybersecurity and compromises to the data. The evolution of the IoT systems according
to the new requirements introduces various risks like the:
1. The integration of devices and internet is not risk-free.
2. The new challenges to cybersecurity and the introduction of something new.
3. There is a standard risk on a global level.
4. The problems that can be introduced at the time of retrofitting (Lu, and Da Xu, 2018).
To provide the right type of cybersecurity to the IoT systems, there are various challenges:
1. Access control- this is the provision that allows the authorized person to access the
system or service. The authorization is for both the user and the device used to access or
information.
2. Confidentiality- the principle that is used to control the access of the information is
known as confidentiality. The system is designed so that unauthorized access or access by
the wrong people can be prevented. The principle allows the sale of sensitive data from
the intruders.
3. Authentication- the user that is accessing the system or security, defines itself to be
authenticated for use. The access control varies from user to user and is provided using
some type of the username or password. At the time of the authentication, the user is
verified against the credentials used by the user to enter in the system or to access the
information or service.
Figure 1: IoT security challenges
4. Privacy- privacy is one of the major issues that is encountered at the time of security
modeling for IoT. Providing privacy is the process in which the information provider and
the system asking for information, only has access control over the information.
5. Secure middleware- the middleware is the type of software that serves as a connection
phase or the interface between the various components of the IoT. These are the main
elements that serve as the backbone to the functioning of the IoT systems and are a major
way through which one can breach the security of the system (Hou, et. al., 2019).
6. Trust- the device that needs any kind of human interaction and are made smart to handle
all kind of the processing itself is one of the systems that is very hard to be trusted by the
user. Getting the user to trust the system is one of the major challenges.
Major cybersecurity threats for IoT
The use of the IoT services accompanies many security threats that need to be encountered in
order to implement a system that can provide the best of IoT services and also is able to ensure
the security of the information and data of the user. In the process of providing cybersecurity to
IoT systems, some major encountered threats are as explained below:
1. The hidden and exploitable potential of devices: the IoT devices as small as it can be
used for sensing the room temperature and light intensity is build using the small
microcontrollers and OS that are connected to a remote system or data collection center.
They might look small, but the presence of small and individual OS and the
microcontroller can be mold by the attacker for the use.
2. The updating issue: the IoT devices that were built in the earlier times are now not able
to work according to the user expectation and thus need to be updated. The update is
usually provided using the internet services and the defender system not being updated
accordingly can cause security breach (Tweneboah-Koduah, et. al., 2017).
3. Device vulnerabilities- this is one of the risks that need to be handled properly and is
causing the issue to security and data. The maximum number of the firmware running
joined devices are insecure which impose a major risk to the system.
4. Altering the device identity: the most vulnerable node for the security method in the IoT
is the device itself. The device itself is the weakest point as if the hacker is able to find
the device the hacker can change the identity of the device to enter inside of the system.
modeling for IoT. Providing privacy is the process in which the information provider and
the system asking for information, only has access control over the information.
5. Secure middleware- the middleware is the type of software that serves as a connection
phase or the interface between the various components of the IoT. These are the main
elements that serve as the backbone to the functioning of the IoT systems and are a major
way through which one can breach the security of the system (Hou, et. al., 2019).
6. Trust- the device that needs any kind of human interaction and are made smart to handle
all kind of the processing itself is one of the systems that is very hard to be trusted by the
user. Getting the user to trust the system is one of the major challenges.
Major cybersecurity threats for IoT
The use of the IoT services accompanies many security threats that need to be encountered in
order to implement a system that can provide the best of IoT services and also is able to ensure
the security of the information and data of the user. In the process of providing cybersecurity to
IoT systems, some major encountered threats are as explained below:
1. The hidden and exploitable potential of devices: the IoT devices as small as it can be
used for sensing the room temperature and light intensity is build using the small
microcontrollers and OS that are connected to a remote system or data collection center.
They might look small, but the presence of small and individual OS and the
microcontroller can be mold by the attacker for the use.
2. The updating issue: the IoT devices that were built in the earlier times are now not able
to work according to the user expectation and thus need to be updated. The update is
usually provided using the internet services and the defender system not being updated
accordingly can cause security breach (Tweneboah-Koduah, et. al., 2017).
3. Device vulnerabilities- this is one of the risks that need to be handled properly and is
causing the issue to security and data. The maximum number of the firmware running
joined devices are insecure which impose a major risk to the system.
4. Altering the device identity: the most vulnerable node for the security method in the IoT
is the device itself. The device itself is the weakest point as if the hacker is able to find
the device the hacker can change the identity of the device to enter inside of the system.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
5. Default passwords and usernames: the major of the IoT devices that are manufactured
in bulk are operated using some type of default password and username like "admin" and
"user" which can be easily used by a hacker to enter in the system.
6. Old technology Vs new: the devices that were manufactured earlier face major
challenges of security. The old devices are incompatible with the new technology and can
be exploited using new threats (Kochetkova, 2016).
in bulk are operated using some type of default password and username like "admin" and
"user" which can be easily used by a hacker to enter in the system.
6. Old technology Vs new: the devices that were manufactured earlier face major
challenges of security. The old devices are incompatible with the new technology and can
be exploited using new threats (Kochetkova, 2016).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Mirai Botnet Attack (aka Dyn Attack)
The Mirai Botnet attack also is known by the name of the Dyn attack is the largest known DDoS
attack that was encountered in October 2016. The attack was planned and executed using the IoT
botnet. The attack caused loss to the organization and caused many sites to go down, sites
include Reddit, Netflix, CNN, and Twitter.
The IoT botnet that was used for executing the Dyn attack plan used a very simple technique to
infect the complete system. the IoT botnet was manufactured and developed by Mirai which is a
type of malware. The system was firstly infected by using the Mirai malware and then the
computers connected searched for the other IoT devices that were vulnerable insecurity and the
bot used the default passwords and usernames to log into the system and infected them with
Mirai. The devices that were targeted by IoT bots included many devices like the DVR players
and cameras (IoT For All, 2017).
Dyn is a known DNS provider and provides the services of the mapping facility to the user side
name and domain id. The attack was caused by using the various connected devices of Dyn,
these devices were used to request for a large amount of DNS mapping from various IPs. After
being injected with the Mirai malware, the system started to send multiple DNS mapping
requests to the main server which caused various sites and the server to go down for a very long
time.
The Mirai Botnet attack also is known by the name of the Dyn attack is the largest known DDoS
attack that was encountered in October 2016. The attack was planned and executed using the IoT
botnet. The attack caused loss to the organization and caused many sites to go down, sites
include Reddit, Netflix, CNN, and Twitter.
The IoT botnet that was used for executing the Dyn attack plan used a very simple technique to
infect the complete system. the IoT botnet was manufactured and developed by Mirai which is a
type of malware. The system was firstly infected by using the Mirai malware and then the
computers connected searched for the other IoT devices that were vulnerable insecurity and the
bot used the default passwords and usernames to log into the system and infected them with
Mirai. The devices that were targeted by IoT bots included many devices like the DVR players
and cameras (IoT For All, 2017).
Dyn is a known DNS provider and provides the services of the mapping facility to the user side
name and domain id. The attack was caused by using the various connected devices of Dyn,
these devices were used to request for a large amount of DNS mapping from various IPs. After
being injected with the Mirai malware, the system started to send multiple DNS mapping
requests to the main server which caused various sites and the server to go down for a very long
time.
Mirai development and execution
The system is known to be developed by a student named Paras Jha, who was pursuing his
graduation from the Rutgers and was interested in learning the complete execution of the DDoS
attacks and use of those attacks to earn money. Paras also introduced some small attacks on the
university system he was studying at the crucial times like at the time of the midterms and
student enrollment time. Paras Jha was known to be a huge Minecraft Player and made money by
hosting the Minecraft Game servers. Mirai is one of the creations of Paras Jha.
Mirai is a Japanese word that means future and is a malware that was developed by Paras Jha
using the help from Josiah White and Dalton Norman. The malware is known to have a high
impact on network devices. After getting infected from Mirai, the networked device that runs on
Linux gets converted small bots that can be used all together as one to conduct a big-size
network attack. The device then continuously scans the internet for the IP addresses of the IoT
based devices. After finding the right type of the vulnerable device, Mirai uses a table of 60
default password and username to gain access to the control of the system and then gains control
of the system.
The device that is infected using Mirai remains completely safe until they are not rebooted. As
soon as the device is rebooted, the device username and password are changed by Mirai and the
control access is gained (Fruhlinger, 2018).
The system is known to be developed by a student named Paras Jha, who was pursuing his
graduation from the Rutgers and was interested in learning the complete execution of the DDoS
attacks and use of those attacks to earn money. Paras also introduced some small attacks on the
university system he was studying at the crucial times like at the time of the midterms and
student enrollment time. Paras Jha was known to be a huge Minecraft Player and made money by
hosting the Minecraft Game servers. Mirai is one of the creations of Paras Jha.
Mirai is a Japanese word that means future and is a malware that was developed by Paras Jha
using the help from Josiah White and Dalton Norman. The malware is known to have a high
impact on network devices. After getting infected from Mirai, the networked device that runs on
Linux gets converted small bots that can be used all together as one to conduct a big-size
network attack. The device then continuously scans the internet for the IP addresses of the IoT
based devices. After finding the right type of the vulnerable device, Mirai uses a table of 60
default password and username to gain access to the control of the system and then gains control
of the system.
The device that is infected using Mirai remains completely safe until they are not rebooted. As
soon as the device is rebooted, the device username and password are changed by Mirai and the
control access is gained (Fruhlinger, 2018).
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Major causes and Impacts
The following were the major impacts of the Dyn attacks are as follows:
The attack caused a huge loss of consumers to the Dyn company and after the attack, almost
8% of the user stopped using the services provided by Dyn.
From the sample of 178,000 domains, almost 14,000 internet domains stopped the use of the
services by Dyn.
The attack might not have caused a huge financial impact on the people but have caused the
loss of trust of people on the company.
The attackers caused the services from Dyn to be stopped and hijacked for a long time and
the major sites like Amazon, Netflix, CNN and others were inaccessible by the users, but
still, the users responded to the situation very nicely and does not revoke their service
contracts from Dyn.
The following were the major causes of the Mirai attacks:
The presence of vulnerable devices in the networked system.
The absence of malware detecting system on the small systems.
The security lack at the connected devices, the connected device must also use some kind of
security gateway in order to complete the connection.
The presence of authentication by default generated passwords and usernames.
Old and outdated firmware (Weagle, 2017).
The following were the major impacts of the Dyn attacks are as follows:
The attack caused a huge loss of consumers to the Dyn company and after the attack, almost
8% of the user stopped using the services provided by Dyn.
From the sample of 178,000 domains, almost 14,000 internet domains stopped the use of the
services by Dyn.
The attack might not have caused a huge financial impact on the people but have caused the
loss of trust of people on the company.
The attackers caused the services from Dyn to be stopped and hijacked for a long time and
the major sites like Amazon, Netflix, CNN and others were inaccessible by the users, but
still, the users responded to the situation very nicely and does not revoke their service
contracts from Dyn.
The following were the major causes of the Mirai attacks:
The presence of vulnerable devices in the networked system.
The absence of malware detecting system on the small systems.
The security lack at the connected devices, the connected device must also use some kind of
security gateway in order to complete the connection.
The presence of authentication by default generated passwords and usernames.
Old and outdated firmware (Weagle, 2017).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Recommendations
For improvising the security in the IT system, the following can be considered:
For an organization to implement cybersecurity, the employees should be trained and
informed for the same. The breaches that occur generally are due to an employee clicking on
some type of phishing link or data file.
The system security software like the firewalls and malware detection software should be
used in each and every system of the organization.
The organization following the BYOD policies should limit the devices that can bring into
the office campus and the devices should be verified.
The multi-layer security should be implemented on the network of the organization. The
antivirus helps in filtering all the devices that are connected to the system and also all the
downloaded files.
The two-step verification process should be implemented for authenticating the user for
providing access control. The two steps can be biometrics and passwords or the digital
signature and passwords.
There should be provision to implement the effective and immediate backup whenever the
system is alarmed with the possibility of attacks or malware in the system. The system should
also be able to lock up the sensitive data by itself when an intruder is located in the system
(Rutherford, 2018).
For improvising the security in the IT system, the following can be considered:
For an organization to implement cybersecurity, the employees should be trained and
informed for the same. The breaches that occur generally are due to an employee clicking on
some type of phishing link or data file.
The system security software like the firewalls and malware detection software should be
used in each and every system of the organization.
The organization following the BYOD policies should limit the devices that can bring into
the office campus and the devices should be verified.
The multi-layer security should be implemented on the network of the organization. The
antivirus helps in filtering all the devices that are connected to the system and also all the
downloaded files.
The two-step verification process should be implemented for authenticating the user for
providing access control. The two steps can be biometrics and passwords or the digital
signature and passwords.
There should be provision to implement the effective and immediate backup whenever the
system is alarmed with the possibility of attacks or malware in the system. The system should
also be able to lock up the sensitive data by itself when an intruder is located in the system
(Rutherford, 2018).
Conclusion
The report presented here includes the discussion of the cybersecurity concepts and the various
concepts related to it. The main aim of the report was to discuss a major cybersecurity attack
related to IoT and this aim was completed by the discussion of the Mirai attack on the DNS
server of the Dyn company. The report discussed how the attack was caused and provided
insights into the major causes of the attack. At the end of the report, various methods that can be
used to provide better cybersecurity to any system is discussed.
The report presented here includes the discussion of the cybersecurity concepts and the various
concepts related to it. The main aim of the report was to discuss a major cybersecurity attack
related to IoT and this aim was completed by the discussion of the Mirai attack on the DNS
server of the Dyn company. The report discussed how the attack was caused and provided
insights into the major causes of the attack. At the end of the report, various methods that can be
used to provide better cybersecurity to any system is discussed.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 13
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.