Domain name services (DNS) provider Dyn has confirmed that an attack which took down major websites late Friday was the result of a distributed denial of service (DDoS) attack perpetrated using the Mirai botnet.
When the source code for the Mirai botnet, a chunk of malware designed to infect badly-made internet of things (IoT) products like IP cameras and 'smart' home thermostats through the fiendish technique of simply logging in using the manufacturer's pre-set default username and password combination, was released by its creator
, experts warned that its use was only likely to increase. It hasn't taken long to come true: DNS provider Dyn has confirmed that the attack which took out major internet sites late last Friday was powered in no small part by Mirai.
'We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet,
' explained Dyn's chief strategy officer Kyle York in an analysis
of the attack. How large a source was Mirai? 'We observed tens of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.
While the severity of the attack's initial wave was limited due to Dyn's distributed nature, meaning that only selected regions were affected by the outage, a second attack occurring a few hours later caused global outages for around an hour. A third attack was mitigated without customer-facing effect, York has claimed.
Thus far, no-one has stepped forward to take responsibility for the attack, and Dyn has not mentioned receiving ransom demands or other communications from the attacker(s). Some in the security industry, commenting on a brief post
by Bruce Schneier, have suggested the attack may be retaliation for Dyn's work in alleviating a separate DDoS attack against security researcher Brian Krebs' website.