Was Mirai malware behind Dyn DDoS attack?

IoT-powered malware may have caused Twitter, Spotify & Reddit outage

Mirai, the botnet malware that was made open source at the beginning of this month, was allegedly behind the DDoS attack that took out Twitter, GitHub and Spotify, among others, on Friday.

The attack, which initially affected the east coast of the US before becoming global later in the evening, used the same IoT-powered malware that knocked security specialist Brian Krebs's website Krebs On Security offline in September, it has been claimed.


In an analysis of the attack, researchers at security vendor Flashpoint claimed they had confirmed that at least some of the infrastructure in the attack was infected by Mirai malware.

Mirai specialises in recruiting IoT devices, such as thermostats, fridges or, as has been identified in this case, webcams, into botnets, which are then used to unleash a massive torrent of traffic on the victim - in this case, Dyn.

In a statement, Dyn said it had observed that tens of millions of discrete IP addresses associated with the Mirai botnet were part of the attack. What other infrastructure or botnets were involved, if any, has not been disclosed by anyone.

In the wake of the attack, Chinese manufacturer Hangzhou Xiongmai has issued a product recall for its webcams in the US after it was revealed the devices were used as part of the attack. It was claimed that easy-to-guess default passwords enabled Mirai to take control of the devices.


In a statement to BBC News, Xiongmai denied its webcams had made up the bulk of the devices involved, saying: "Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them too."

21/10/2016: Major DDoS attack cripples Spotify, GitHub, Twitter in US

A DDoS attack pulled down GitHub, Reddit, Twitter, Spotify and other major sites across the US east coast today.

The attack, which targeted servers belonging to DNS provider Dyn, also hit customers such as Etsy, Soundcloud, Heroku and Shopify, according to Hacker News.

Dyn said the attack started at 11.10am UTC, and that by 1.20pm it had restored services to normal.

A statement on its status page said: "We began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available."


When IT Pro approached Dyn for comment, Scott Hilton, executive VP of products, said the cyber attack was "global" in nature, suggesting quite a large botnet could be roped into the effort, but did not say whether Dyn has identified the source of the attack.

In an emailed statement, he added: "DNS traffic resolved from east coast name server locations are experiencing a service degradation or intermittent interruption during this time. Updates will be posted as information becomes available.

"Upon recognition, active mitigation protocols were initiated and have been working to resolve the issues. Customers with questions or concerns are encouraged to check our status page for updates and reach out to our Technical Support Team."

While it was primarily US east coast servers that were affected, some European users also suffered.

User 'Tzaman' wrote in a comment on Hacker News: "I can't access our production servers which are in US east. Can't access Intercom [a communication platform using Dyn's Managed DNS] with which we provide customer support. Our clients are mailing us that payment provider doesn't work either. So we're losing money while being in central EU."

The news comes after cybersecurity guru Bruce Schneier warned that a nation state was hitting key hosting providers of the world's internet with DDoS attacks.

He said: "Someone is extensively testing the core defensive capabilities of the companies that provide critical internet services."
