Security analysts now believe the attack used the “internet of things” – web-connected home devices – to launch the assault.
Dyn is a DNS service – an internet “phone book” which directs users to the internet address where the website is stored. Such services are a crucial part of web infrastructure. On Friday, it came under attack – a distributed denial of service (DDoS) – which relies on thousands of machines sending co-ordinated messages to overwhelm the service. The “global event” involved “tens of millions” of internet addresses.
Security firm Flashpoint said it had confirmed that the attack used “botnets” infected with the “Mirai” malware.
Many of the devices involved come from Chinese manufacturers, with easy-to-guess usernames and passwords that cannot be changed by the user – a vulnerability which the malware exploits. “Mirai scours the Web for IoT (Internet of Things) devices protected by little more than factory-default usernames and passwords,” explained cybersecurity expert Brian Krebs, “and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.”