In this episode of Storm Watch, hosts Bob and Glenn discuss recent cybersecurity events and the ongoing activity of the Mirai botnet. They mention a significant spike in Mirai botnet activity starting around May 10th, which continued to increase throughout the following weeks. The hosts note that Mirai is one of the primary botnets on the internet, with thousands of IP addresses attempting to find new members daily.
The hosts also discuss the geographical distribution of Mirai-infected devices, which are spread across the globe, mostly in residential networks. They highlight that Amazon's network has compromised servers that are part of the Mirai botnet. The top 15 autonomous systems account for about 75% of the traffic observed during the spike in Mirai activity.
Remy, a researcher, analyzed the binaries of the Mirai botnet and found that it was targeting Tenda, NetLog, LB link, and Zyxel devices. The hosts mention that they have updated their coverage for these devices and will be monitoring the situation closely. They also briefly discuss the recent vulnerability in Barracuda ESG appliances, urging users to keep their devices updated.