A massive distributed denial of service (DDoS) attack on Friday slowed down or knocked offline a whole group of major websites, including Twitter, Spotify, Amazon, Reddit, Yelp, Netflix, and The New York Times.
The main cause appears to be a coordinated attack on Dyn, a major DNS host (an intermediary sometimes described as an Internet address book) that says its engineers began monitoring problems at 7:10am ET and “are continuing to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure.”
We already know at least one method the hackers are using. Security intelligence firm Flashpoint says its researchers have observed a Mirai botnet attacking Dyn. Flashpoint researcher Zach Wikholm had identified two kinds of device that were used in the DDoS. The first was a DVR running the software of the Chinese company previously identified as being a key target of the Mirai hackers – Hangzhou XiongMai Technologies (XM). The other was a network-attached storage device with a username and password of “root/root”.
Roland Dobbins, principal engineer at Arbor Networks, agrees: “A significant proportion of the DDoS attack traffic targeting Dyn is being sourced from compromised IoT devices participating in Mirai botnets.”