On Friday, Domain Name System provider Dyn said it was experiencing a massive distributed denial-of-service (DDoS) attack, which disabled access to some of the internet’s biggest websites, including Twitter, Tumblr, PayPal, CNN, Spotify, Netflix, Pinterest, parts of Amazon, SoundCloud, GitHub and many more.

Dyn plays an important role in the structure of the web, acting as a digital Yellow Pages, which is why an attack on the company was able to cause such widespread problems.

During the DDoS attack on Dyn, attackers leveraged armies of infected IoT devices to send millions of useless queries, overwhelming the directory service. According to Dyn, the DDoS attack started early Friday morning, and the company’s Network Operations Center (NOC) succeeded in mitigating the attack about two hours later, restoring service to customers.

In the interim, internet traffic to Dyn’s servers located on the East Coast of the US couldn’t reach the sites of some of the companies using Dyn’s services, although customers on the West Coast were able to access the sites. According to Dyn, it never experienced a system-wide outage throughout its ordeal.

A second wave of DDoS attacks started just before noon ET, involving other servers in other locations around the globe, not just the East Coast. This was successfully mitigated in a little over an hour, and services were restored.

A third wave of DDoS attacks was attempted, but Dyn said it was able to successfully mitigate this attempt, without any impact on customers.

Calling the attack “sophisticated and highly distributed,” the company said it involved “10s of millions of IP addresses,” with preliminary analysis pointing to the source of the attacks as devices infected by a botnet known as Mirai. Millions of IP addresses associated with the Mirai botnet were part of the attack.

Mirai appropriates IoT devices to form a massive connected network. The devices are then used to swamp websites with requests, overloading the sites and effectively taking them offline.

This attack highlights the insecurity of IoT devices and the potential for bad actors to exploit their weaknesses to carry out such wide-scale attacks, more of which will certainly occur as long as the ubiquitous Internet of Things devices remain unsecured.

Hackers are selling access to numerous hacked IoT devices on the Dark Web, claiming they have been designed to significantly disrupt web connections.

This weekend, Chinese electronics firm Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said that security vulnerabilities involving weak default passwords in its products were partly to blame. Hangzhou Xiongmai issued a recall in the US for the webcams identified as playing a role in the attack on Dyn.