Botnets created from hacked connected devices and Mirai malware were involved in Friday’s cyber attack
Chinese firm admits its hacked connected devices, such as DVRs and cameras, were behind Friday’s massive DDoS attack.
According to security researchers, malware known as Mirai has been taking advantage of vulnerabilities in these devices by infecting them and using them to launch huge distributed denial-of-service attacks, including Friday’s outage. Mirai works by taking over IoT devices to form a massively connected network. The devices flood websites with requests, overloading the sites and effectively bringing them down.
The infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS consisted of botnets of devices compromised by Mirai malware. Mirai botnets were previously used in DDoS attacks against security researcher Brian Krebs’ blog “Krebs On Security” and French internet service and hosting provider OVH.
Mirai malware targets Internet of Things (IoT) devices like routers, digital video recorders (DVRs), and webcams/security cameras, enslaving vast numbers of these devices into a botnet, which is then used to conduct DDoS attacks. Some of the devices used in the Dyn DNS attacks are DVRs.
Although Flashpoint has confirmed that Mirai botnets were used in the October 21, 2016, attack against Dyn, they were separate and distinct botnets from those used to execute the DDoS attacks against “Krebs on Security” and OVH.
“Anna_Senpai,” the hacker operating the large Mirai botnet used in the Krebs DDoS, released Mirai’s source code online. Since this release, copycat hackers have used the malware to create botnets of their own in order to launch DDoS attacks. The relationship between the ongoing Dyn DDoS attacks, previous attacks, and “Anna_Senpai” is unclear.
A Chinese electronics component manufacturer says its hacked connected devices inadvertently played a role in the massive cyber attack that disrupted major internet sites in the U.S. on Friday. Hangzhou Xiongmai Technology, one vendor behind the DVRs and internet-connected cameras, admitted that some security vulnerabilities were the result of the weak default passwords in its products.
“Mirai is a huge disaster for the Internet of Things,” Xiongmai said in an email to IDG News Service. “(We) have to admit that our products also suffered from hacker’s break-in and illegal use.”
Although Dyn managed to fend off the disruption and restore access to its service, Mirai-powered botnets could easily strike again.