Was Mirai malware behind Dyn DDoS attack?

IoT-powered malware may have caused Twitter, Spotify & Reddit outage

Mirai, the botnet malware that was made open source at the beginning of this month, was allegedly behind the DDoS attack that took out Twitter, Github and Spotify, among others, on Friday.

The attack, which initially affected the east coast of the US before becoming global later in the evening, used the same IoT-powered malware that knocked security specialist Brian Krebs's website Krebs On Security offline in September, it has been claimed.

In an analysis of the attack, researchers at security vendor Flashpoint claimed they had confirmed that at least some of the infrastructure in the attack was infected by Mirai malware.

Mirai specialises in recruiting IoT devices, such as thermostats, fridges or, as has been identified in this case, webcams to botnets, which are then used to unleash a massive torrent of traffic on the victim - in this case, Dyn.

In a statement, Dyn said it had observed tens-of-millions of discrete IP addresses associated with the Mirai botnet were part of the attack. What, if any, other infrastructure or botnets were involved has not been disclosed by anyone.

In the wake of the attack, Chinese manufacturer Hangzhou Xiongmai has issued a product recall for its webcams in the US after it was revealed the devices were used as part of the attack. It was claimed that easy-to-guess default passwords enabled Mirai to take control of the devices.

In a staement toBBC News, Xiongmai denied its webcams had made up the bulk of the devices involved, saying: "Security issues are a problem facin all mankind. Since industry giants have experienced them, Xiongmail is not afraid to experience them too."

21/10/2016:Major DDoS attack cripples Spotify, Github, Twitter in US

A DDoS attack pulled down Github, Reddit, Twitter, Spotify and other major sites across the US east coast today.

The attack, which targeted servers belonging to DNS provider Dyn, also hit customers such as Etsy, Soundcloud, Heroku and Shopify, according to Hacker News.

Dyn said the attack started at 11.10am UTC, and that by 1.20pm it had restored services to normal.

A statement on its status page said: "We began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available."

When IT Pro approached Dyn for comment, Scott Hilton,executive VP of products, said the cyber attack was "global" in nature, suggesting quite a large botnet could be roped into the effort, but did not say whether Dyn has identified the source of the attack.

In an emailed statement, he added: "DNS traffic resolved from east coast name server locations are experiencing a service degradation or intermittent interruption during this time. Updates will be posted as information becomes available.

"Upon recognition, active mitigation protocols were initiated and have been working to resolve the issues. Customers with questions or concerns are encouraged to check our status page for updates and reach out to our Technical Support Team.

While it was primarily US east coast servers that were affected, some European users also suffered.

User 'Tzaman' wrote in a comment on Hacker News: "I can't access our production servers which are in US east. Can't access Intercom [a communication platform using Dyn's Managed DNS] with which we provide customer support. Our clients are mailing us that payment provider doesn't work either. So we're losing money while being in central EU."

The news comes after cybersecurity guru Bruce Schneier warned that a nation state was hitting key hosting providers of the world's internet with DDoS attacks.

He said: "Someone is extensively testing the core defensive capabilities of the companies that provide critical internet services."

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Bank-targeting malware disguises itself as video conferencing software
Security

Bank-targeting malware disguises itself as video conferencing software

19 Oct 2020
What is shoulder surfing?
Security

What is shoulder surfing?

19 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020
Microsoft releases two emergency Windows patches
Security

Microsoft releases two emergency Windows patches

19 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
iPhone 12 lineup official with A14 Bionic chip and 5G support
Mobile Phones

iPhone 12 lineup official with A14 Bionic chip and 5G support

13 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020