Carelessly Unsecured IoT Devices Again Were Leveraged For Yesterday’s Massive DDoS Attack

So here we go again: another "massive and sustained Internet attack" made possible by a large collection of hacked Internet of Things (IoT) devices, such as CCTV video cameras, digital video recorders, and all sorts of smart home gadgets with a connection to the Internet, KrebsOnSecurity has determined. This is not the first time it has happened and it won't be the last.

The recent attack, an apparent retaliation by WikiLeaks supporters after the Obama administration allegedly used its influence to push the Ecuadorian government to cut off Internet access to whistleblower Julian Assange, focused its artillery of hacked IoT devices on DNS provider Dyn. It was another large-scale DDoS attack, this time able to prevent many Internet users in the U.S. from accessing popular sites and online services, such as Amazon, Netflix, Reddit, Spotify, Twitter, and Tumblr.

Image: XiongMai Mini Cub IP Camera

As with some recent attacks that took advantage of unsecured IoT devices, this latest one involved a malware strain called Mirai, the same strain that has been setting records for the amount of traffic it can generate in a series of DDoS attacks, including one that peaked at 1Tbps around this time last month. The malware's author released the source code to the public, a move that virtually ensures many more large-scale DDoS attacks using hacked IoT devices will occur.

Citing researchers at security firm Flashpoint, Krebs says the attack on Dyn was at least partially initiated by a Mirai-based botnet. It used hacked IoT devices, mainly digital video recorders and IP cameras made by a Chinese company called XiongMai Technologies. The company sells its components to vendors, who then use them in their own products.

Internet of Things

"It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States," said Allison Nixon, director of research at Flashpoint.

Nixon added that multiple botnets might have been at play here.

"At least one Mirai [control server] issued an attack command to hit Dyn. Some people are theorizing that there were multiple botnets involved here. What we can say is that we’ve seen a Mirai botnet participating in the attack."

It's going to take some time before these types of attacks stop or become manageable. With Mirai's source code freely available, anyone with a grudge can tap into the growing number of unsecured IoT devices out there. To prevent that from happening, it's going to take a concerted effort by both device makers and consumers to make sure that home appliances and other Internet-connected gear are properly secured.

Thumbnail Image Source: Wikimedia Commons (Wilgengebroed on Flickr)