Mirai is a famous IoT Botnet attack (considered to be the most destructive cyberattack of all times). This demo will show how the Mirai malware works on real IoT devices, e.g., IP cameras. We will illustrate the attack process step by step to explain the attack mechanisms as well as the consequences in detail for each attack stage.
Stage 1-Scanning. A Mirai malware instance (bot) running on an infected IoT device will scan the network to find other vulnerable IoT devices with open Telnet access.
Stage 2-Finding Telnet credentials. The bot runs a brute-force attack (password list) to find the correct Telnet username and password of the found vulnerable device
Stage 3-Infection. The Mirai server uses the information (IP address, username and password) of the vulnerable devices found above to intrude and load the Mirai binary to the device.
Stage 4-Mirai DDoS attack. The Mirai server sends a DoS attack command to the bots which then start a DDoS attack.
System setup requirements: A laptop with two virtual machines running, a WiFi router, two IP cameras and (optional) some other IoT devices.