DNS provider Dyn reckons about 100,000 Mirai-infected gadgets knocked it out back in October 2016. A study by security ratings firm SecurityScorecard, out Tuesday, found that even a year after its initial release, Mirai botnet infections are still widespread.
Organisations think they are not a target due to the business they are in, or not having highly valued or sensitive data assets i.e. logistics, construction etc.
If they don't rely heavily on IT and they aren't subject to regulatory compliance they tend to take cybersecurity less seriously.
Many organisations are not aware their IT/OT/IoT infrastructure is a target for the infrastructure itself. If hackers can compromise any device on any network and use it as part of a botnet, they will. This is likely to get the compromised organisation's IP or even their entire domain registered as an attacker and can often be blocked.
This can result in an innocent business being blacklisted and taken off the net, without them doing anything wrong. In many cases, they don't even know attacks are emanating from within their networks. Compromised devices are easy to spot.
The education sector was the industry most affected by Mirai variants during Q3 of 2017, ahead of energy, manufacturing, entertainment, and financial services, according to figures from SecurityScorecard. The most affected country for Mirai activity in Q3 of 2017 is Mexico, ahead of China, the US, Brazil and Turkey.