Last week, a cyberattack on internet service and DNS management company Dyn made several highly trafficked websites inaccessible, including Twitter, PayPal, GitHub, Netflix, The New York Times, Vox Media, and more.
Dyn was hit with a DDoS attack—Distributed Denial of Service. With DDoS attacks, computers, sometimes millions of them, pummel a website or server with immense amounts of data traffic simultaneously, which overloads the target system and causes disruption and outages.
After a series of attacks, Dyn said in a statement on its website that the issue has been resolved: “While there was a third attack attempted, we were able to successfully mitigate it without customer impact.”
In this attack, tens of millions of internet-connected devices flooded Dyn’s network. These are devices owned by everyday people. The devices were infected with malware known as the Mirai botnet.
Cybersecurity researchers discovered that the Mirai botnet mostly infects internet-connected security cameras, DVRs, and routers. Mirai-infected devices have been found in over 160 countries.
How does Mirai infect a home user’s Wi-Fi router or DVR? It uses brute force to guess the management password of these devices. Customers who use weak passwords or leave the default password intact after purchase place their devices at risk of infection.
Interestingly, computer security company Incapsula discovered that the makers of the Mirai botnet deliberately programmed the malware not to infect specific devices. The spared devices are those belonging to the US Postal Service, the Department of Defense, and the Internet Assigned Numbers Authority (IANA), as well as those in IP ranges belonging to Hewlett-Packard and General Electric.
The sophistication of the malware and the enormity of the attack have prompted the Department of Homeland Security and the FBI to initiate an investigation. According to a statement released by Dyn, the company is cooperating with authorities:
“Dyn is collaborating with the law enforcement community, other service providers, and members of the internet community who have helped and offered to help. The number and type of attacks, the duration, the scale, and the complexity of these attacks are all on the rise. As a company, we have for years worked closely with the internet community to assist when others encountered attacks like these and will continue to do so.”