The internet was burning this morning, or at least a portion of it was.
A cyberattack on Dyn, a major internet management company, left much of the web in shambles, with users reporting issues with popular sites like Twitter, Spotify, SoundCloud, Airbnb, and more. On Friday morning, Dyn informed the public that the company had begun “monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure.” As a result, the firm continued, “Some customers may experience increased DNS query latency and delayed zone propagation during this time.”
A DDoS attack, or “distributed denial of service,” is one of the more common methods used by hackers, and involves sending huge volumes of traffic to certain servers to prevent others from using them. Dyn adds that mostly the eastern portion of the United States is being affected. The outages were first noted by Hacker News, which also reported that “if sites reported as down are working for some users, those users’ machines have likely cached the DNS response for those sites.”
It was unclear at first who was responsible for the DDoS attack, but given the widespread nature of the attack, it seems safe to assume that these folks are no amateurs. At around 8:45 a.m. ET, Dyn noted that the attack was “mainly impacting Managed DNS customers in this [Eastern] region,” and that the company’s engineers were “continuing to work on mitigating this issue.”
As it turns out, the Internet of Things (IoT) was at the root of the attacks, with large numbers of various kinds of IoT devices being taken over and used to launch the massive assault on Dyn, as Krebs on Security reports. Everything from CCTV cameras to DVRs was used, and apparently, the nefarious tool used to find and take them over was Mirai, which was also used in an attack on Krebs’s site in September.
Security firm Flashpoint confirmed that Mirai was at least partially involved, and the IoT devices used included components made by Chinese company XiongMai Technologies. As Nixon, Flashpoint’s director of research, said, “It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States.” Nixon clarified that while Mirai was certainly involved, there could have been other botnets behind the attacks as well.
Given how ubiquitous IoT is becoming, with millions and perhaps even billions of devices scattered around the world and potentially open to being turned into DDoS zombies, it’s likely that attacks like today’s will be repeated. The solution would be to ensure that each and every IoT device is designed against such vulnerabilities and that users apply the proper security principles to keep them locked down.
Updated on 10-21-2016 by Mark Coppock: Added additional information about the likely source of the DDoS attack.