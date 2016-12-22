Mirai is just the tip of the iceberg according to a new report by the Institute for Critical infrastructure technology.

The DDoS malware which has filled security headlines recently is a profound new intervention in the threat landscape, according to the authors Drew Spaniel and James Scott. Mirai, says the report, offers cyber-criminals, hacktivists and APTs, “an asymmetric quantum leap in capability”.

It's not, as one might expect, because of its sophistication or that it represents some kind of new weapon for which there is no counter defence, but because of its accessibility. Mirai malware offers a “powerful development platform” which can be tailored to even a relatively unsophisticated attacker's needs.

The report is stark in its conclusions: “right now, script kiddies and cyber-criminal gangs are already drastically expanding their control over vulnerable IoT devices, which are enslaved to malicious purposes and can be contracted in DDoS-for-Hire services by a virtually unlimited number of actors for use in an infinite variation of layered attack methods.”

One key reason behind the scale of this threat is the fact that anyone can build on it. An unsophisticated attack, with the right intentions, could build on Mirai to make a self-propagating worm: “if the capability to infect IoT devices with spreadable worms were built into the Mirai platform, the impact would be enormous.”