IoT botnet is partly behind massive DDoS attack
Malware that can build botnets out of IoT devices is at least partly responsible for a massive distributed denial-of-service attack that disrupted US internet traffic on Friday, according to network security companies.
Since Friday morning (21/10/2016), the assault has been disrupting access to popular web sites by flooding a DNS service provider called Dyn with an overwhelming amount of internet traffic.
Some of that traffic has been observed coming from botnets created with the Mirai malware that is estimated to have infected over 500,000 devices, according to Level 3 Communications, a provider of internet backbone services.
About 10% of those Mirai infected devices are participating in the DDoS attack, said Dale Drew, the company’s chief security office in Periscope livestream. However, other botnets are also partaking in the attack, he added.
DDoS attacks and botnets are nothing new. However, the Mirai malware appears especially worrisome for its awesome power. An attack on the web site of cybersecurity Brian Krebs last month managed to deliver 665Gbps of traffic to Kreb’s site, making it one of the largest DDoS attacks ever recorded.
Unlike other botnets that rely on PCs, the Mirai malware targets internet-connected devices such as cameras and digital video recorders (DVR) that have weak default passwords, making them easy to infect. Adding to the worry is that the developer behind Mirai has released the malware’s source code to the hacker community.
Security firm Flashpoint said it has been able to confirm that some of the Mirai-infected machines involved in Friday’s attack are DVRs.
The botnets participating in the assault, however, are separate and distinct from those used to take down Kreb’s web site back In September, the security firm said.
Both Level 3 and Flashpoint have said copycat hackers have been trying to exploit the Mirai code since it was publicly released.
The attack was still ongoing at time of writing, according to Dyn. Its engineers are trying to mitigate “several attacks” aimed at its infrastructure. The company has also reportedly said that the DDOS attacks are coming from “tens of millions of IP addresses at the same time.”
IDG News Service