The cyber atttack that cut access to some of the world's best known websites on Friday was caused by a botnet runing on common devices like webcams and digital recorders. The attacks struck Twitter, Paypal, Spotify and other customers of an infrastructure company in New Hampshire called Dyn DNS, which acts as a switchboard for internet traffic.
The attackers used hundreds of thousands of internet-connected devices that had previously been infected with a malicious code that allowed them to cause outages that began in the Eastern United States and then spread to other parts of the country and Europe.
Security firm Flashpoint has confirmed that some of the infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS were botnets compromised by Mirai malware. Mirai malware targets Internet of Things (IoT) devices like routers, digital video records (DVRs), and webcams/security cameras, enslaving vast numbers of these devices into a botnet, which is then used to conduct DDoS attacks. Flashpoint has confirmed that at least some of the devices used in the Dyn DNS attacks are DVRs, further matching the technical indicators and tactics, techniques, and procedures (TTPs) associated with previous known Mirai botnet attacks.
"The complexity of the attacks is what’s making it very challenging for us," said Dyn’s chief strategy officer, Kyle York. The U.S. Department of Homeland Security and the Federal Bureau of Investigation said they were investigating.
Dyn said attacks were coming from millions of internet addresses, making it one of the largest attacks ever seen.
The attackers took advantage of traffic-routing services such as those offered by Google and Cisco Systems's OpenDNS to make it difficult for Dyn to root out bad traffic without also interfering with legitimate inquiries.
Dyn said it had resolved one morning attack, which disrupted operations for about two hours, but disclosed a second a few hours later that was causing further disruptions. By Friday evening it was fighting a third.
On Oct 21, 2016, 22:17 UTC, Dyn said that the incident had been resolved.
Recall of some U.S. products
Chinese firm Hangzhou Xiongmai Technology Co Ltd said it will recall some of its products sold in the United States after it was identified as having made parts for devices that were targeted in Friday's hacking.
The electronics components firm, which makes parts for surveillance cameras, said in a statement that it would recall some of its earlier products sold in the United States, strengthen password functions and send users a patch for products made before April last year.
It said the biggest issue was users not changing default passwords, adding that, overall, its products were well protected from cyber security breaches. It said reports that its products made up the bulk of those targeted in the attack were false.
The main products Xiongmai is to recall are all webcam models, it said.