Liberia's Internet Brought to a Halt After Facing Multiple Mirai-Based Attacks

By CircleID Reporter
Liberia's Internet Brought to a Halt After Facing Multiple Mirai-Based Attacks

The entire internet infrastructure of the African nation of Liberia is distributed by the same weapon used to cause the historic cyberattack just two weeks ago. Zack Whittaker reporting in ZDNet: "This week, another Mirai botnet, known as Botnet 14, began targeting a small, little-known African country, sending it almost entirely offline each time. Security researcher Kevin Beaumont ... said that the attack was one of the largest capacity botnets ever seen. One transit provider said the attacks were over 500Gbps in size. Beaumont said that given the volume of traffic, it 'appears to be the owned by the actor which attacked Dyn'. ... An attack of that size is enough to flatten even a large network – or ... a small country."

Update, 4 Nov: "Did a DDoS attack knock Liberia offline?" Director of Internet Analysis at Dyn, Doug Madory in an email today says that while there may have been a DDoS attack against targets in Liberia, "there is no evidence that the country was knocked offline." Both Dyn and Akamai, he added, have observed no change in traffic patterns coming from Liberia in recent days. See corresponding tweets from Akamai & Dyn.

The manager of the submarine cable landing in Liberia is also quoted reporting: "We have received similar inquiries from news outlets and other interest groups on this subject. However, both our ACE submarine cable monitoring systems and servers hosted (locally) in LIXP (Liberia Internet Exchange Point) show no downtime in the last 3 weeks. While it is likely that a local operator might have experienced a brief outage, we have no knowledge of a national Internet outage and there are no data to substantial that."

Brian Krebs also weighing in on the situation: "Yes, multiple sources confirm that Mirai was used to launch an attack exceeding 500 Gbps against a mobile telecom provider in Liberia, but those sources also say the provider in question had a denial-of-service attack mitigation plan in place that kicked into action shortly after the attack began."

Related topics: Cyberattack, DDoS Attack