Last Friday, a large scale DDoS attack broke the Internet, and now we know that botnets using the Mirai malware are at least partially to blame.
Around 7 AM (EST) last Friday, people started noticing that they couldn’t access websites like Twitter, Netflix, Spotify, Reddit, and other frequently-visited sites. That’s because the DDoS attack targeted Dyn Inc., the company that manages web traffic for the aforementioned websites. The first wave of attacks was primarily targeted at those in the East coast of the United States, but subsequent attacks were much more global in nature.
Although the service outage was mitigated within hours, not only did this cause immense confusion and inconvenience to end-users, but it showed the increasing strength of these types of cyber-attacks. So the question is “Who was behind the attacks?”
Well, long story short, we don’t know yet. The US Department of Homeland Security is currently investigating. But we know that these attacks were created by criminal botnets, and at least some of them were infected by the Mirai malware. Mirai is a relatively simple program that even people without much experience can use to take over Internet-connected devices and use them to launch DDoS attacks.
According to Hangzhou Xiongmai Technology, a Chinese firm that sells DVRs and Internet-based cameras, its products played a role in the series of attacks last Friday. Hackers were reportedly able to take advantage of these devices’ weak default passwords to infect them with Mirai and launch the attacks. The company is now advising that customers update their devices and change their private information.
The troubling thing is that the source code for Mirai is already available on the dark web – a marketplace for everything illegal. And security experts had already predicted that the program could be used by hackers in the future, and indeed, they were right. With the emergence of Internet-connected devices (i.e. IoT) and the widespread availability of malware like Mirai that take advantage of these devices, Friday’s attacks might be just the beginning.
Security experts had already predicted that the program could be used by hackers in the future, and indeed, they were right.