Skip to main content

Dyn confirms Mirai malware was used in DDoS attacks

The distributed denial of service (DDoS) attack that was launched against the DNS service provider Dyn last week was carried out by a Mirai botnet that exploited tens of thousands of connected-devices.

The attack, which brought a number of high-profile sites offline for several hours including Netflix, Spotify, Amazon and Twitter, was the result of cyber attackers taking advantage of the poor security in IP cameras, home controllers and other connected Internet of Things (IoT) devices. Analysts have been able to confirm that the Mirai malware played a large part in the attack's effectiveness.

This malware exploits devices by taking control of them after gaining access through default usernames and passwords. Consumers often overlook the security of connected devices and either make no attempt or forget to change their default passwords. Cyber attackers are aware of this and have begun to recruit these devices for additional compute power when launching DDoS attacks.

It has been known for some time that IP cameras and other connected-devices are vulnerable to attack but this is the first time that they have been used on this scale. On Friday, the attackers that targeted Dyn were able to carry out three separate DDoS attacks in a relatively short amount of time.

Kyle York, Dyn's Chief Strategy Officer, responded to the attack in a blog post, saying: "It is said that eternal vigilance is the price of liberty. As a company and individuals, we're committed to a free and open internet, which has been the source of so much innovation. We must continue to work together to make the internet a more resilient place to work, play and communicate. That's our commercial vision as a company and our collective mission as an internet infrastructure community.”

Analysts have highlighted the vulnerabilities of IP cameras for some time though this incident will likely lead to more awareness regarding this issue. Cyber attackers have been turning to these devices for help more often and websites which contain directories of unprotected webcams have even appeared online to aid others in exploiting them.

Friday's DDoS attack is the largest of its kind yet and hopefully it serves as a constant reminder to consumers and businesses to take the necessary steps to protect their IoT devices from future attacks.

Ryan Lester, Director of IoT Strategy at Xively by LogMeIn commented: "This incident further reinforces the need for rigorous assessment of security implications at the outset of any Internet of Things project. The Internet of Things comes with a whole new set of security challenges and product companies must ensure that security is purpose-built for the IoT and that it is entrenched in every aspect – infrastructure, apps, connections, etc. Product companies also need to avoid security shortcuts, such as embedded private keys and weak authentication, which can speed up the development phase but can be quite risky and negatively affect consumer confidence in the long term.

"A thorough evaluation of the security implications will ultimately save time and cost of flaws discovered down the road. The consequences of which can be financially debilitating and long-lasting."

Image Credit: Profit_Image / Shutterstock

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.