Was Mirai malware behind Dyn DDoS attack?

IoT-powered malware may have caused Twitter, Spotify & Reddit outage

Mirai, the botnet malware that was made open source at the beginning of this month, was allegedly behind the DDoS attack that took out Twitter, Github and Spotify, among others, on Friday.

The attack, which initially affected the east coast of the US before becoming global later in the evening, used the same IoT-powered malware that knocked security specialist Brian Krebs's website Krebs On Security offline in September, it has been claimed.

In an analysis of the attack, researchers at security vendor Flashpoint claimed they had confirmed that at least some of the infrastructure in the attack was infected by Mirai malware.

Mirai specialises in recruiting IoT devices, such as thermostats, fridges or, as has been identified in this case, webcams to botnets, which are then used to unleash a massive torrent of traffic on the victim - in this case, Dyn.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In a statement, Dyn said it had observed tens-of-millions of discrete IP addresses associated with the Mirai botnet were part of the attack. What, if any, other infrastructure or botnets were involved has not been disclosed by anyone.

In the wake of the attack, Chinese manufacturer Hangzhou Xiongmai has issued a product recall for its webcams in the US after it was revealed the devices were used as part of the attack. It was claimed that easy-to-guess default passwords enabled Mirai to take control of the devices.

In a staement toBBC News, Xiongmai denied its webcams had made up the bulk of the devices involved, saying: "Security issues are a problem facin all mankind. Since industry giants have experienced them, Xiongmail is not afraid to experience them too."

21/10/2016:Major DDoS attack cripples Spotify, Github, Twitter in US

A DDoS attack pulled down Github, Reddit, Twitter, Spotify and other major sites across the US east coast today.

The attack, which targeted servers belonging to DNS provider Dyn, also hit customers such as Etsy, Soundcloud, Heroku and Shopify, according to Hacker News.

Advertisement - Article continues below

Dyn said the attack started at 11.10am UTC, and that by 1.20pm it had restored services to normal.

A statement on its status page said: "We began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available."

When IT Pro approached Dyn for comment, Scott Hilton,executive VP of products, said the cyber attack was "global" in nature, suggesting quite a large botnet could be roped into the effort, but did not say whether Dyn has identified the source of the attack.

In an emailed statement, he added: "DNS traffic resolved from east coast name server locations are experiencing a service degradation or intermittent interruption during this time. Updates will be posted as information becomes available.

Advertisement
Advertisement - Article continues below

"Upon recognition, active mitigation protocols were initiated and have been working to resolve the issues. Customers with questions or concerns are encouraged to check our status page for updates and reach out to our Technical Support Team.

While it was primarily US east coast servers that were affected, some European users also suffered.

Advertisement - Article continues below

User 'Tzaman' wrote in a comment on Hacker News: "I can't access our production servers which are in US east. Can't access Intercom [a communication platform using Dyn's Managed DNS] with which we provide customer support. Our clients are mailing us that payment provider doesn't work either. So we're losing money while being in central EU."

The news comes after cybersecurity guru Bruce Schneier warned that a nation state was hitting key hosting providers of the world's internet with DDoS attacks.

He said: "Someone is extensively testing the core defensive capabilities of the companies that provide critical internet services."

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/hardware/354193/buy-it-to-grow-not-slow-your-business
Sponsored

Buy IT to grow, not slow, your business

25 Nov 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/security/antivirus/354328/microsoft-to-scrap-security-essentials-when-windows-7-reaches-end-of-life
antivirus

Microsoft to scrap Security Essentials when Windows 7 reaches end-of-life

13 Dec 2019