Last Friday, hackers successfully managed to unleash an absolutely massive DDoS attack that swiftly knocked a number of popular websites offline, including Twitter, Spotify and even Amazon. DDoS attacks are of course nothing new, but last Friday’s attack was unique insofar as it was incredibly massive and was carried out with a botnet not comprised of computers, but of Internet connected devices.
We’re now a few days removed from the attack and more information about how the attack was carried out is starting to emerge. Of particular interest is that last Friday’s botnet was carried out by compromised DVRs and webcam devices infected by a piece of malware called Mirai. The malware itself isn’t particularly sophisticated but it’s tremendously effective as Internet connected devices often have poor security and easy to guess default passwords.
As ComputerWorld points out, “because these devices have weak default passwords and are easy to infect, Mirai has been found spreading to at least 500,000 devices, according to internet backbone provider Level 3 Communications.
Also interesting is that many of the infected devices can be traced back to a single company, a Chinese electronics company called Hangzhou Xiongmai Technology. Over the weekend, Hangzhou Xiongmai Technology said that weak security on some of its products — DVRs and webcams in particular — helped contribute to last Friday’s DDoS attack. Specifically, the company sells a variety of circuit boards for DVRs and various camera modules for webcams.
Xiongmai says it patched the flaws with its products in September 2015 and its devices now ask the customer to change the default password when used for the first time. But products running older versions of the firmware are still vulnerable.
To stop the Mirai malware, Xiongmai is advising that customers update their product’s firmware and change the default username and passwords to them. Customers can also disconnect the products from the internet.
Additionally, Hangzhou Xiongmai Technology issued a product recall for all webcams that contain components sourced from the company.