Security experts have dismissed last week's reports that Liberia's entire internet infrastructure was taken down by a DDoS attack, stating that this story was "simply not true".
Despite widespread coverage, the claims were debunked by security expert Brian Krebs who found that contrary to reports, the attack did not cause a nationwide outage. He spoke to Daniel Brewer, general manager for the Cable Consortium of Liberia, who told him that "we have no knowledge of a national internet outage and there are [sic] no data to [substantiate] that."
The reports stemmed from security architect Kevin Beaumont, who noticed attacks on Liberian telecoms infrastructure while monitoring the activity of the Mirai botnet. He apparently spoke to an anonymous source withing a local telco, who supposedly confirmed that the country's single submarine internet cable - which Beaumont pointed to a "single point of failure" - was under 500Gbps attacks.
"From monitoring, we can see websites hosted in country going offline during the attacks," he wrote. "Additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack."
Many news outlets (including IT Pro) took this to mean that the internet connection for the whole country was under threat, but Brewer emphatically confirmed that this was not the case, stating "both our ACE submarine cable monitoring systems and servers hosted (locally) in LIXP (Liberia Internet Exchange Point) show no downtime in the last 3 weeks."
It appears that the attacks observed by Beaumont were in fact mounted against a mobile telco; one that had a DDoS mitigation service in place to minimise the effects of the attack. While local web performance may have been intermittent, it was decidedly not a nationwide issue.
This was confirmed by cloud and security company Akamai as well as Dyn, the DNS provider that was hit by a much bigger DDoS last month. The company's director of internet analysis tweeted that there was no evidence of any widespread problems.
However, security expert Graham Cluley cautioned that although the Liberian incident was not as bad as initially thought, Mirai and other IoT-based malware still poses a significant threat.
"None of this is to say Mirai that is not a serious threat, of course," he wrote, "and that new botnets based upon its leaked code don't pose a significant threat to internet infrastructure as they exploit poorly-protected IoT devices."
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
CMS platforms succumb to KashmirBlack botnet as businesses rush onlineNews Businesses warned to prioritise security as coronavirus forces many to ply their trade digitally
-
IoT botnets are on the rise and 5G isn’t helping anythingNews Botnets are more common and coming in more diverse strains than ever before
-
What is shadow IT?In-depth Hardware and software that isn't authorised by IT departments can leave businesses vulnerable
-
Duo unravels massive three-tiered ‘crypto-giveaway’ botnetNews Researchers used a machine learning model to weed through 88 million Twitter accounts for bots and spammers
-
IoT revenue opportunity to exceed $1 trillion by 2025News More than half of IoT devices will be deployed in enterprises as the market shifts away from connectivity
-
BrickerBot threatens to kill your IoT devicesNews Mirai-like botnet could permanently disable Internet of Things hardware
-
‘Sexy view’ worm takes first step towards mobile botnetsNews A security vendor has released details of a new SMS mobile worm that uses a breakthrough propagation strategy and is targeting mobiles running the Symbian operating system.
