Friday's massive DDoS attack attributed in part to Mirai malware
By Steve Bittenbender
Editor, Government Security News
A New Hampshire company that helps control and direct traffic for numerous Internet sites was targeted Friday by cybercriminals, who unleashed a wave of attacks that blocked some users from accessing popular commercial sites at various times during the morning and early afternoon hours.
In a company blog post published Saturday, the chief strategy officer for Dyn said the company’s Network Operations Center observed a distributed denial-of-service (DDoS) attack on its servers. In a DDoS attack, perpetrators aim to make Internet resources unavailable to normal users by sending a volume of requests so large that it overloads the network.
In this case, requests from tens of millions of unique Internet-accessible devices flooded the servers, Kyle York said. The machines jamming Dyn included those that have been infected with Mirai, a type of malware that allows infiltrators to gain access to such items as remote cameras, routers and even kitchen appliances.
“We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion,” York said in the blog post. “The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet.”
The Web sites that went dark to some users Friday morning included Twitter, Reddit, PayPal, Spotify and Netflix.
The first attack commenced around 7 a.m. Eastern Time Friday, and Dyn employees were able to restore service within a couple of hours. The first attack impacted the company’s servers in the eastern United States, meaning users routed to impacted sites from other servers still gained access.
However, just before noon, Dyn experienced a second attack that York said was more global in nature. Even so, not all users were affected the same way. While some users were denied access in the second wave, which York said was resolved by about 1 p.m., the attack only caused slower access for others.
York said a third attempt to inundate the system was thwarted by Dyn staff members.
“On behalf of Dyn, I’d like to extend our sincere thanks and appreciation to the entire internet infrastructure community for their ongoing show of support,” York said. “We’re proud of the way the Dyn team and the internet community of which we’re a part came together to meet yesterday’s challenge.”
Dyn officials will work with law enforcement and other government officials as part of the investigation into the events.
In his daily briefing with reporters on Friday, White House spokesman Josh Earnest said the Department of Homeland Security, which is responsible for protecting the country’s cyberinfrastructure, was aware of the incidents and had begun its investigation into the matter.
Cyberattacks have gained attention in recent years as hackers have gained access to critical information stored in public- and private-sector systems. In many cases, millions of users’ sensitive information – including financial and personally identifiable information – became exposed to criminals on the Internet.
There have even been concerns about cyberattacks on the country’s electronic voting devices and systems, as the country’s Presidential election takes place in just over two weeks. Just last week, a survey conducted by Cybereason indicated that more than two-thirds of registered voters see cyberattacks as a bigger threat to the country than ISIS or climate change.
Friday’s attack was different in nature in that it did not cause any data breaches. However, DDoS attacks can serve as a diversion for the kinds of activity that can expose sensitive data, said Dave Larson, chief operating officer of Corero Network Security. Earlier this year, Corero published its second annual DDoS study that highlighted trends for handling such attacks.
“While the network security defenses are degraded, logging tools are overwhelmed and IT teams are distracted, the hackers may be exploiting other vulnerabilities and infecting the environment with various forms of malware,” Larson said in a statement earlier this year about what else may happen during a DDoS attack.
York said Friday’s event is part of a growing trend and that the number, nature and duration of DDoS attacks are on the rise.
“As a company and individuals, we’re committed to a free and open internet, which has been the source of so much innovation,” he said. “We must continue to work together to make the internet a more resilient place to work, play and communicate.”