Nov. 7, 2016 | By Yacin Nadji
A large distributed denial of service (DDoS) attack temporarily disabled some of the DNS provider Dyn's customers, including Twitter, Spotify, Github, and many others during the latter half of October. While using standard DDoS techniques, this attack was launched by the Mirai botnet, which is comprised of Internet of Things (IoT) devices. Numerous groups, including the U.S. Department of Homeland Security, are investigating the threat and attempting to attribute the attacks.
IISP Analyst Yacin Nadji: "DDoS attacks have been getting more publicity these days and other security experts are predicting more powerful are yet to come. Although novel for relying on IoT devices, the Mirai botnet compromised hosts using one of the earliest tricks in the book: a dictionary attack of lists of known default credentials. This highlights a big fear involving IoT devices, namely, their development processes do not follow established security practices. The attack against DNS infrastructure also is interesting because as more devices rely on Internet infrastructure to function—like security cameras and wireless door locks—disabling fundamental infrastructure like the DNS can lock users out if appropriate failover mechanisms are not in place."
For further reading
- TechCrunch: https://techcrunch.com/2016/10/21/many-sites-including-twitter-and-spotify-suffering-outage/
- KrebsOnSecurity.com: https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
- TechTarget.com: http://searchsecurity.techtarget.com/news/450401962/Details-emerging-on-Dyn-DNS-DDoS-attack-Mirai-IoT-botnet