The West African nation of Liberia might be a test case for future attacks.
The Mirai botnet, which unleashed a massive DDoS attack that crippled US Internet access last month, may have been used in another attempt to take the entire country of Liberia offline this week.
ZDNet reports that a Mirai-based botnet, called “Botnet 14,” has spent much of the past week intermittently attacking IP addresses of the two telecom operators that co-own the only fiber cable coming into the West African nation of Liberia.
Mirai works by taking over insecure Internet of Things devices like routers and baby cameras, harnessing them to direct gigabits of traffic to critical points in the Internet’s infrastructure.
The US has many of those points, which explains why some people’s browsing wasn’t affected during the October attack.
But according to security researcher Kevin Beaumont, Liberia has just a single cable, installed in 2011, that provides Internet access for the entire country of 4 million people.
So it is a natural target in a test of whether or not a malicious botnet can take an entire country offline.
Measuring the attack’s impact isn’t easy in a country like Liberia, where power outages and other infrastructure problems already cause unreliable Internet.
But local reports do suggest widespread outages that correspond to Botnet 14 activity, which experts track using a Twitter feed.
A Liberian resident told ZDNet that the country suffered “minor interruptions” in Internet service on Wednesday.
“The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” Beaumont wrote in a Medium post.
Other security experts echo his concern, calling on IoT manufacturers to beef up their devices’ defenses against malicious botnets.
ARM, which makes the chips and other components found in many IoT products, last week implored manufacturers to monitor the security of their products from the cloud and issue more frequent firmware updates.