Malware that can build botnets out of IoT devices is at least partly responsible for a massive distributed denial-of-service attack that disrupted U.S. internet traffic on Friday, according to network security companies.
Since Friday morning, the assault has been disrupting access to popular websites by flooding a DNS service provider called Dyn with an overwhelming amount of internet traffic.
Some of that traffic has been observed coming from botnets created with the Mirai malware that is estimated to have infected over 500,000 devices, according to Level 3 Communications, a provider of internet backbone services.
About 10 percent of those Mirai infected devices are participating in Friday’s DDOS attack, said Dale Drew, the company’s chief security office in Periscope livestream. However, other botnets are also partaking in the attack, he added.
DDOS attacks and botnets are nothing new. However, the Mirai malware appears especially worrisome for its awesome power. An attack on the website of cybersecurity Brian Krebs last month managed to deliver 665Gbps of traffic to Kreb’s site, making it one of the largest DDOS attacks ever recorded.
Unlike other botnets that rely on PCs, the Mirai malware targets internet-connected devices such as cameras and DVRs that have weak default passwords, making them easy to infect. Adding to the worry is that the developer behind Mirai has released the malware’s source code to the hacker community.
Security firm Flashpoint said it has been able to confirm that some of the Mirai-infected machines involved in Friday’s attack are DVRs.
The botnets participating in Friday’s assault, however, are separate and distinct from those used to take down Kreb’s website back In September, the security firm said.
Both Level 3 and Flashpoint have said copycat hackers have been trying to exploit the Mirai code since it was publicly released.
Friday’s attack is still ongoing, according to Dyn. Its engineers are trying to mitigate “several attacks” aimed at its infrastructure. The company has also reportedly said that the DDOS attacks are coming from “tens of millions of IP addresses at the same time.”