Massive Mirai DDoS Attack ‘Breaks The Internet’

Outage map via downdetector.com

The internet broke on Friday. Or at least, a large, very popular portion of it did.

Hundreds of popular sites including Twitter, Netflix, and CNN have faced intermittent issues and outages following an ongoing Distributed Denial of Service (DDoS) attack on New Hampshire-based Managed DNS provider Dyn.

In a series of statements, Dyn said that it first became aware of the attack around 7:00 a.m. EST Friday morning and that its services were restored roughly two hours later. Two hours after that, the company said it was working to mitigate another attack. The DDoS incident was finally resolved at 10:17 PM Friday night.

Notable sites knocked offline by the attack include:

According to researchers at Flashpoint, the massive DDoS attack was the product of Mirai, malware that co-opts vulnerable “Internet of Things” (IoT) devices such as CCTV cameras, webcams, DVRs, printers, and more.

Flashpoint researchers found that the botnet used in Friday’s attacks was made up of DVRs and web-connected cameras made by a Chinese company called XiongMai Technologies.

After that revelation, Xiongmai announced a recall of some of its products sold in the US and promised stronger password functions and a patch for products made before April last year.

A group called New World Hackers has claimed responsibility for the attack, which they called a “capabilities test,” but the claim has not been independently verified. The New World Hackers group is known for knocking the BBC offline last year.

As of yet, the true intentions of the attack are unknown. It could be a capabilities test for taking down the internet, as indicated by New World Hackers, but as noted by Paul Mazzucco, TierPoint CSO and Solutions Reviews contributor, DDoS attacks are often deployed as smokescreens, intended to provide cover for a more serious breach or theft of data.

“About one-third of all DDoS attacks are multi-vector attacks that include more subtle invasions that never cross the IT security radar until it’s too late,” said Mazzucco.

The U.S. Department of Homeland Security is monitoring the situation, White House spokesman Josh Earnest told reporters Friday, but has not released any information on who may have been behind the attack.

Jeff Edwards

Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.