The DDoS attack that Internet performance management company Dyn suffered this past Friday, the largest ever registered, raises the question of the viability of security over the Internet.
The three attacks went after the company’s managed DNS infrastructure. They resulted in the temporary inaccessibility of websites like Twitter, GitHub, PayPal, and Etsy.
“At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion,” said Dyn’s Chief Strategy Officer Kyle York.
“The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
Mirai botnets used in the attack against Dyn “were separate and distinct botnets” from those used to execute the DDoS attacks against Brian Krebs’ blog, and French Internet service and hosting provider OVH, said Flashpoint researchers.
“Earlier this month, ‘Anna_Senpai,’ the hacker operating the large Mirai botnet used in the Krebs DDoS, released Mirai’s source code online. Since this release, copycat hackers have used the malware to create botnets of their own in order to launch DDoS attacks,” Flashpoint researchers said in a blog post.
Mirai can be removed from infected devices – mostly routers, DVR or WebIP cameras, Linux servers, and Internet of Things devices running Busybox – by rebooting them, but if their owners don’t take measures to protect them, the devices will quickly be infected again.
While IoT security comes into question, it appears some of these devices can’t be protected as they should be, because of hardcoded passwords and because their manufacturers did not make it possible for them to receive updates.
It remains unclear who is behind the attacks.