The Mirai botnet is a network of Internet of Things (IoT) devices infected with Mirai malware, used for massive distributed denial of service (DDoS) attacks. The Mirai malware was discovered in August 2016 by MalwareMustDie, and it’s first major attack was on computer security expert Brian Krebs’s personal website . The botnet gained mainstream notoriety after performing the largest DDoS attack in history against DNS provider Dyn in October 2016 . The Mirai Botnet is now being rented on dark web for performing DDoS attacks for high paying clients 
The September 20th attack on computer security blogger Brian Krebs's website, KrebsOnSecurity.com, was the first major attack of the Mirai Botnet. The attack was estimated to have been around 620 gbps, which was approximately twice as large than any prior DDoS attack on record. Content Distribution Network provider Akamai thwarted the attack, and released a special State of the Internet report following it.
On October 21st, the Mirai botnet performed one of the most disruptive DDoS attacks in Internet history. The attack took down Domain Name Service (DNS) provider Dyn, a major backbone for many websites. DNS is a service that translates human readable URLs to IP addresses. When Dyn went down, many sites including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix were rendered unreachable for most users. Estimates report that up to 100,000 IoT devices were used to power the attack which attained a throughput of up to 1.2 TBPS. 
How Mirai Works
Mirai scans the internet for Internet of Things (IoT) devices that run on the ARC processor. This processor runs a stripped-down version of the Linux operating system. Consequently, if the default username and password combination is not changed, Mirai is able to log into the device and infect it. IoT consists of smart devices that can connect to the internet. These devices include baby monitors, vehicles, network routers, agricultural devices, medical devices, environmental monitoring devices, and home appliances. 
Distributed denial-of-service (DDoS) attacks
A denial-of-service (DoS) attack is an attack that sends excessive amounts of requests from a device on the Internet to flood a victim network with traffic. The intent of a DoS attack is to create enough congestion to render a service or website unusable. A distributed denial-of-service (DDoS) attack uses a collection of devices on the Internet to flood the victim with traffic from many devices. The collection of devices used in a DDoS attack are often referred to as a botnet, and are often exploited without their owners' consent.
Mirai malware targets poorly secured IoT devices by brute-forcing into them with a list of common usernames and passwords. Mirai then infects the device with software which gives control of the its network resources to a central server. Devices will remain infected until they are rebooted. Mirai’s inventor claims that the botnet uses upwards of 380,000 devices in an attack at a rate of 620 Gbps . Interestingly, Mirai has a list of hardcoded IP addresses in the source code to avoid attacking. The list includes Hewlett-Packard, General Electric, and the US Postal Service . The source code of Mirai is leaked on GitHub 
Implications on IoT
The Internet of Things refers to the collection of everyday objects with embedded Internet connections. Examples of IoT devices include 'smart objects' like smart tvs, smart refrigerators, etc. as well as Internet beacons and personal assistants. The IoT industry has been criticized by security professionals for having poor security practices and the immense power achieved by the Mirai botnet has exacerbated to this concern. Security professionals also speculate that the attacker who created Mirai is an amateur and not a professional hacker.
Mirai For Rent
Since the major attacks in 2016, a market has developed for the Mirai botnet. Hackers are currently renting botnets infected with Mirai on the black market. It is estimated that around 400,000 bots are available for rent, however, customers may choose to rent fractions of the botnet for reduced cost. $4,600 will purchase the usage of 50,000 bots while $7,500 will purchase 100,000. The seller claims it can reach a bandwidth of up to 1 tbps .
The Creators of Mirai
Paras Jha and Josiah White co-founded Protraf Solutions, a company offering mitigation services for Distributed Denial of Service (DDoS) attacks. Protraf Solutions was accused of racketeering – their business offered DDoS mitigation services to the very organizations their malware attacked. 
Many believe that responsibility of the Mirai attacks fall on the manufacturers of the Internet of Things devices vulnerable to the attack. Even before the Mirai attacks, security experts have criticized Internet of Things devices for their poor security practices. In 2015, security firm Symantec issued a 20-page report named “Insecurity in the Internet of Things” highlighting many common vulnerabilities of IoT devices . Despite many computer security professionals voicing their concerns, there was little response from IoT manufacturers in improving their security practices. Critics argue that these manufacturers were negligent in adhering to very basic security practices, and are ultimately at fault for allowing the Mirai Botnet to be created .