Was Mirai malware behind Dyn DDoS attack?

IoT-powered malware may have caused Twitter, Spotify & Reddit outage

Mirai, the botnet malware that was made open source at the beginning of this month, was allegedly behind the DDoS attack that took out Twitter, Github and Spotify, among others, on Friday.

The attack, which initially affected the east coast of the US before becoming global later in the evening, used the same IoT-powered malware that knocked security specialist Brian Krebs's website Krebs On Security offline in September, it has been claimed.

In an analysis of the attack, researchers at security vendor Flashpoint claimed they had confirmed that at least some of the infrastructure in the attack was infected by Mirai malware.

Mirai specialises in recruiting IoT devices, such as thermostats, fridges or, as has been identified in this case, webcams to botnets, which are then used to unleash a massive torrent of traffic on the victim - in this case, Dyn.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In a statement, Dyn said it had observed tens-of-millions of discrete IP addresses associated with the Mirai botnet were part of the attack. What, if any, other infrastructure or botnets were involved has not been disclosed by anyone.

In the wake of the attack, Chinese manufacturer Hangzhou Xiongmai has issued a product recall for its webcams in the US after it was revealed the devices were used as part of the attack. It was claimed that easy-to-guess default passwords enabled Mirai to take control of the devices.

In a staement toBBC News, Xiongmai denied its webcams had made up the bulk of the devices involved, saying: "Security issues are a problem facin all mankind. Since industry giants have experienced them, Xiongmail is not afraid to experience them too."

21/10/2016:Major DDoS attack cripples Spotify, Github, Twitter in US

A DDoS attack pulled down Github, Reddit, Twitter, Spotify and other major sites across the US east coast today.

The attack, which targeted servers belonging to DNS provider Dyn, also hit customers such as Etsy, Soundcloud, Heroku and Shopify, according to Hacker News.

Advertisement - Article continues below

Dyn said the attack started at 11.10am UTC, and that by 1.20pm it had restored services to normal.

A statement on its status page said: "We began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available."

When IT Pro approached Dyn for comment, Scott Hilton,executive VP of products, said the cyber attack was "global" in nature, suggesting quite a large botnet could be roped into the effort, but did not say whether Dyn has identified the source of the attack.

In an emailed statement, he added: "DNS traffic resolved from east coast name server locations are experiencing a service degradation or intermittent interruption during this time. Updates will be posted as information becomes available.

Advertisement
Advertisement - Article continues below

"Upon recognition, active mitigation protocols were initiated and have been working to resolve the issues. Customers with questions or concerns are encouraged to check our status page for updates and reach out to our Technical Support Team.

While it was primarily US east coast servers that were affected, some European users also suffered.

Advertisement - Article continues below

User 'Tzaman' wrote in a comment on Hacker News: "I can't access our production servers which are in US east. Can't access Intercom [a communication platform using Dyn's Managed DNS] with which we provide customer support. Our clients are mailing us that payment provider doesn't work either. So we're losing money while being in central EU."

The news comes after cybersecurity guru Bruce Schneier warned that a nation state was hitting key hosting providers of the world's internet with DDoS attacks.

He said: "Someone is extensively testing the core defensive capabilities of the companies that provide critical internet services."

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/policy-legislation/data-protection/354814/google-to-shift-uk-user-data-to-the-us-post-brexit
data protection

Google to shift UK user data to the US post-Brexit

20 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020