Hackers yesterday attacked Dyn, a major DNS service, with an absolutely massive DDoS attack that swiftly took a number of popular services, including Twitter, PayPal and Spotify, offline. While DDoS attacks are nothing new in and of themselves, there are two aspects to yesterday’s widespread assault on the Internet that are particularly intriguing.
One, the scale and effectiveness of yesterday’s DDoS attack were impressive and brutal. All the more so because just when Dyn had seemingly addressed the issue, the actors behind the attack would launch another deluge of garbage requests.
Two, the malware behind yesterday’s DDoS attack effectively built a botnet out of millions of Internet-connected devices, from DVRs and routers to CCTV cameras. In other words, yesterday’s attack saw our vaunted Internet of Things turned against us in an unprecedented way.
Security researcher Brian Krebs has been monitoring the situation closely and notes that the attack was orchestrated by the Mirai malware. You might recall that Mirai’s source code was released just a few weeks ago.
Krebs details how Mirai works and why it’s so effective:
Mirai scours the Web for IoT devices protected by little more than factory-default usernames and passwords, and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.
According to researchers at security firm Flashpoint, today’s attack was launched at least in part by a Mirai-based botnet. Allison Nixon, director of research at Flashpoint, said the botnet used in today’s ongoing attack is built on the backs of hacked IoT devices — mainly compromised digital video recorders (DVRs) and IP cameras made by a Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products.
According to Dyn, the incident was officially resolved as of yesterday evening.