Dynamic Network Services Inc. published its analysis of the distributed denial of service attacks that disrupted U.S. access to popular websites last Friday, saying the malicious traffic stemmed from a botnet targeting internet-connected devices.
“We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets,” Scott Hilton, Dyn’s executive vice president of products, wrote in the analysis posted on the Manchester, N.H.-based company’s website.
The attack “highlighted vulnerabilities in the security of ‘Internet of Things’ (IOT) devices that need to be addressed,” Hilton added.
Cybersecurity expert Brian Krebs explains that Mirai is malware that continually scans for poorly protected IoT devices and then takes them over. Krebs reported that the source code for Mirai was publicly released last month.
Hilton said the first cyberattack began at 7:10 a.m. ET on Friday, when Dyn noticed elevated bandwidth against its domain name service platform in the Asia Pacific, South America, Eastern Europe and U.S.-West regions. As the company initiated its incident response protocols, the attacks suddenly began homing in on the East Coast of the United States, preventing millions of users from accessing popular websites, according to Hilton.
The attacks subsided after the company deployed security measures at 9:20 a.m., but a second, more globally diverse attack began around 11:50 a.m., according to Hilton. He said the company was able to “substantially recover” by 1 p.m., but that residual system problems persisted until 4 p.m.
Hilton estimated that approximately 100,000 malicious endpoints were involved in the attack, suggesting that a significant number of IoT devices were hijacked by the botnet. He said initial indications pointing to a much larger number of affected devices actually stemmed from legitimate customer retries, which in turn contributed to higher traffic volume.
Sen. Mark Warner (D-Va.), a cofounder of the Senate Cybersecurity Caucus, sent a letter to Federal Communications Commission Chairman Tom Wheeler on Tuesday, asking him to explore ways to help internet service providers prevent malicious attacks stemming from hijacked IoT devices.