Update: Business risk intelligence firm Flashpoint has published an after-action analysis of the Mirai botnet attack on Dyn DNS, concluding that it was likely the work of amateur hackers or "script kiddies."
"Flashpoint assesses with moderate confidence that the most recent Mirai attacks are likely connected to the English-language hacking forum community, specifically users and readers of the forum “hackforums.net.”"
They also say the intended target may have been "a well-known video game company."
Yesterday, in a blog post on their website, Dyn revealed that the company had identified around 100,000 sources of malicious traffic, all originating from devices compromised and controlled via the Mirai malware.
On Friday (21st October), hackers launched a massive distributed denial of service (DDoS) attack on cloud-based Internet Performance Management (IPM) company Dyn. The unprecedented attack took a number of Dyn’s major clients offline, including Twitter, Spotify, Amazon, Reddit, Netflix, and PayPal.
In a statement on the DNS company’s website, Chief Strategy Officer Kyle York said “this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses.” The attackers used hacked Internet of Things (IoT) devices, including digital video recorders and internet routers, to generate massive amounts of digital traffic.
Further, there are indications that Friday’s cyber attacks may just be the beginning.
Here’s everything we know about the attack:
In September, a user by the name of Anna Senpai released the source code for the Mirai botnet on an underground hacking forum. This botnet hacks vulnerable IoT devices, such as security cameras, DVRs and internet routers, by infecting them with malware.
On Friday, hundreds of thousands of these interconnected devices were used to target Dyn’s servers. One of Dyn’s primary functions is to filter out bad traffic heading to its clients’ websites, and that is what the hackers were hoping to disrupt. They overwhelmed Dyn’s servers, which allowed the hackers to bring down websites like Twitter and Spotify.
A Chinese firm has admitted its hacked products were behind Friday's DDoS attack. Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.
DDoS attacks have been around since the dawn of the internet. But the scale of these attacks, and the fact that they targeted IoT devices that can be found in most homes, is what worries security experts. Flashpoint, an expert in cybersecurity and business risk intelligence, says the botnet used to disable Dyn was the same malware responsible for the world's largest ever distributed denial of service (DDoS) attack, which took out security journalist Brian Krebs' website last month.
The attacks came after years of warnings from security experts that IoT device manufacturers were paying too little attention to security. "It is just a matter of time until attackers find a way to profit from attacking IoT devices," a report from security firm Symantec warned last year.
The Mirai botnet is made up of between 500,000 and 550,000 hacked devices from around the world, and about 10% of those were involved in Friday’s attack, said Level 3 Communications chief security officer Dale Drew. These devices have been detected in at least 164 countries, researchers from security firm Imperva reported earlier this month.
This poses a significant challenge for the IoT market. The IoT security market is expected to be worth $36.95 billion by 2021, but these latest figures may lead to further growth in this market.
Security experts say it could take years to fix the prevailing issues with IoT devices, which leaves them susceptible to further attacks. According to a new report from Forbes, hackers are selling access to huge numbers of hacked IoT devices designed to launch attacks on DNS servers like Dyn.
The report says security company RSA discovered hackers advertising access to a huge IoT botnet on an underground criminal forum in October. The seller claimed they could generate 1 terabit of traffic, which would equal the world record DDoS attack.
For $4,600, anyone could buy access to 50,000 hacked devices, whilst 100,000 would set you back $7,500.
What can people do?
Security experts say there are a number of simple precautionary measures we can take to safeguard our IoT devices. For example, users should regularly change passwords and promptly install any security updates that manufacturers provide. However, even these steps will not fully secure your devices against a determined hacker.