On Friday, services in the US started to go down thick and fast because of a distributed denial of service (DDoS) attack reportedly carried out by a massive botnet.
The target of the attack was DNS host Dyn, whose services are used by websites such as Reddit, Twitter, Netflix and Amazon. Dyn started to experience a DDoS attack on its Managed DNS infrastructure at 11:10 UTC on Friday.
The attack appeared to have been limited to Dyn’s East-Coast services and the firm says that services on the West Coast of the United States were unaffected.
At around 13:20 UTC Dyn engineers had mitigated the attack to some degree but at 15:52 a second DDoS attack took place. This time the traffic appeared to come from more parts of the world. Services were eventually restored at 17:00 UTC on Friday.
“While there was a third attack attempted, we were able to successfully mitigate it without customer impact,” Dyn said in a blog post.
The main source of traffic from the attack appears to have been IoT devices compromised by Mirai malware. “We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack,” said Dyn.
This claim was further substantiated by cyber security firm Flashpoint in a blog post: “While Flashpoint has confirmed that Mirai botnets were used in the October 21, 2016 attack against Dyn, they were separate and distinct botnets from those used to execute the DDoS attacks against “Krebs on Security” and OVH.”
The devices that were roped into the attack appear to have been DVRs running software from Hangzhou XiongMai Technologies and network attached storage devices with the username/password combination “root/root”, according to a report by Forbes. This sort of behaviour is reminiscent of Mirai, which sniffs out devices on the internet of things and then performs a dictionary attack to gain access.
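From the defender's side, a dictionary attack of the kind described above shows up in a device's login log as a burst of failed logins from one source, sometimes ending in a success. The following Python detection logic is an added example, not code from Dyn, Flashpoint or the original article; the log format, field names, function name and thresholds are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical device auth-log format.
SAMPLE_LOG = """\
2016-10-21T11:00:01 src=203.0.113.7 user=admin result=fail
2016-10-21T11:00:02 src=203.0.113.7 user=support result=fail
2016-10-21T11:00:03 src=203.0.113.7 user=guest result=fail
2016-10-21T11:00:04 src=203.0.113.7 user=root result=fail
2016-10-21T11:00:05 src=203.0.113.7 user=root result=ok
2016-10-21T11:03:00 src=198.51.100.20 user=operator result=fail
2016-10-21T11:20:00 src=198.51.100.20 user=operator result=ok
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(ok|fail)$")


def detect_dictionary_attacks(log_text, threshold=4, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed logins inside one sliding window.

    Returns {src: {"failures": n, "compromised_user": user or None}}, where
    compromised_user is set if a login succeeded right after the burst.
    """
    recent = defaultdict(deque)  # src -> timestamps of failures still in window
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        ts = datetime.fromisoformat(m.group(1))
        src, user, result = m.group(2), m.group(3), m.group(4)
        q = recent[src]
        while q and ts - q[0] > window:
            q.popleft()  # drop failures that have aged out of the window
        if result == "fail":
            q.append(ts)
            if len(q) >= threshold:
                f = findings.setdefault(src, {"failures": 0, "compromised_user": None})
                f["failures"] = max(f["failures"], len(q))
        elif src in findings and q:
            # A success while the failure burst is still in the window:
            # one of the guessed credentials worked.
            findings[src]["compromised_user"] = user
    return findings


if __name__ == "__main__":
    for src, info in detect_dictionary_attacks(SAMPLE_LOG).items():
        print(src, info)
```

A source that fails once and logs in successfully much later, like the second address in the sample, is not flagged, which keeps ordinary mistyped passwords out of the results.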
What is most scary about this attack is that where once Mirai was being used to take down a blog like Krebs on Security, it appears as if black hat hackers are done playing games and are targeting larger services. We’ve said it before and we’ll say it again: it’s time to have a serious conversation about the security of the internet of things.

[Via – Dyn] [Image – CC BY SA Christiaan Colen]