The widespread internet outage that affected a number of the US’s biggest websites on Friday was the result of a huge distributed denial of service (DDoS) attack on Dyn, a domain name registration provider. Now security expert Brian Krebs, of Krebs on Security, has reported that the attack was carried out through the use of a botnet using the Mirai malware, which made use of a wide range of compromised IoT (Internet of Things) devices.
With the use of this “very sophisticated and complex attack,” as described by cyber security researchers Flashpoint, big websites like Twitter, Amazon, Netflix, Spotify, Reddit, and PayPal suffered outages and service interruptions throughout the day. Krebs writes that the same malware that was used in an attack in on his website last month, Mirai, was used to scan for and compromise IoT devices with weak security settings (i.e. factory default logins and passwords).
With control over these devices, Mirai was able to build a botnet, using it as a digital army to attack Dyn’s networks and servers with bogus requests designed to slow data speeds or cause entire shutdowns. When websites like Netflix or Twitter then get overrun with this traffic, it leaves no room for data from actual users.
So, other than those relying on factory default security settings, how are IoT devices specifically part of the problem? Here’s how Kreb explained it:
“According to researchers at security firm Flashpoint, […] the botnet used in today’s ongoing attack is built on the backs of hacked IoT devices — mainly compromised digital video recorders (DVRs) and IP cameras made by a Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products.”
This means it’s possible that every single XiongMai product was turned into a piece of the botnet that attacked the US, with Flashpoint noting the possibility of multiple botnets being used against Dyn.
SOURCE Krebs on Security