DDoS Attack on Dyn: Largest of Its Kind, Involving 100,000 Mirai-Infected Devices

The Mirai botnet played a vital role in the Dyn DDoS attack; researchers believe the attack reached up to 1.2 Tbps

Last week HackRead reported the involvement of the Mirai botnet in the distributed denial of service (DDoS) attack on Dyn DNS, an Internet performance management company. Now, experts have also revealed that Mirai played a major role in the attack, and they have termed it the largest attack of its kind in history.

During the attack, Dyn’s servers remained down for most of the day. As a result, popular websites including Twitter, Netflix, CNN, Reddit and the Guardian could not be accessed in the US and in some areas of Europe.

In an official blog post, Dyn revealed that the Mirai botnet was the primary source of the “malicious attack traffic.”

A botnet is a network of computers that have been infected with malware and are controlled by an attacker. A botnet can bombard a server with a huge influx of traffic until the server can no longer handle the load and collapses. When the target is a DNS provider, as it was here, the DNS service it provides breaks down, and the websites that depend on it for name resolution become unreachable.

The interesting part is that Mirai represents a completely different breed of botnet because it is made up of IoT (Internet of Things) devices. Any IoT device, such as a DVR or a digital camera, can become part of a Mirai botnet if it is infected with the malware.

Obviously, there are hundreds of thousands of IoT devices connected to the internet, and this is what has made Mirai such a big threat. Given the large number of devices to choose from, every attack conducted via Mirai becomes large-scale and highly devastating for the victim. Standard DDoS attacks do not usually reach the magnitude that Mirai has demonstrated.

According to Dyn, the attack involved around “100,000 malicious endpoints,” while the strength of the attack was estimated to be 1.2 Tbps.

Dyn also suggested that the hackers who caused this internet outage in the US might have been holding back by using 100,000 devices, since experts have observed that over 500,000 devices have been infected with Mirai because of their weak default passwords. A Dyn researcher therefore believes that the hackers could have launched a more powerful attack but chose to hold back this time.

That’s true because, while a majority of moderate-sized firms would crumble under an attack of 10 Gbps, bigger companies would take an attack of 100 Gbps to crumble.

According to Level 3’s analysis, many of the Mirai-infected devices were traced to IP addresses located in 164 countries. Most of the addresses were identified in Colombia, Vietnam, Brazil and the US. CCTV cameras ranked at the top of the list of most-infected IoT devices.

As of now, there is no confirmed information about who was behind Friday’s attack on Dyn, but according to some security experts it could be the work of amateur hackers, because Mirai’s source code was leaked to the hacking community last month. Anyone can therefore use this botnet, to the extent of their own capabilities.

However, Level 3 Communications believes that Mirai is not solely responsible for the Dyn attack and that other botnets were also involved. At the same time, FlashPoint researchers have linked the famous hacking forum hackforum.net to the Dyn DDoS attack.

“We’ve seen at least one, maybe two behaviors that aren’t consistent with Mirai,” said Dale Drew, Level 3 CSO. Drew added that the perpetrators of the cyber-attack may have used multiple botnets to evade detection.

There are thousands of unprotected security cameras and webcams in the United States ready to be used by hackers to cause further cyber-armageddon. In such circumstances, Xiongmai’s decision to recall its webcams is a drop in the bucket.


Remember, a couple of days ago the Chinese electronics company Hangzhou Xiongmai recalled its devices after discovering their involvement in the cyber attack on Dyn. However, Xiongmai also blamed customers for not changing their devices’ default credentials. So if you own an internet-connected device, change its default login credentials.
