Behind the Dyn attack: Mirai malware

Dyn, Inc. is an Internet management company offering products to monitor, control, and optimize online infrastructure, as well as domain registration services and email products. On October 21st it was hit by a distributed denial-of-service (DDoS) attack and, as a consequence, sites such as Twitter, Reddit, Github, Amazon, Netflix, Spotify, and Runescape became unreachable.

The two attacks took place on the same day against the company’s DNS infrastructure:

  • First Attack: it began around 11:10 UTC against the Managed DNS platform in the Asia Pacific, South America, Eastern Europe, and US-West regions, and presented in a way typically associated with a DDoS attack. Mitigation efforts were fully deployed by 13:20 UTC; the attack subsided shortly after.
  • Second Attack: it began at 15:50 UTC and was different from the first. The company managed to cope with the attack at 17:30 UTC, but it only fully ended in the evening, around 20:30 UTC.

It is now clear that it was an IoT botnet attack carried out with open-source software called Mirai.

Mirai serves as the basis of an ongoing DDoS-for-hire ‘booter’/‘stresser’ service which allows attackers to launch multiple DDoS attacks.

The original Mirai botnet has since been modified by users all around the world, and high concentrations of Mirai nodes have been observed in China, Hong Kong, Macau, Vietnam, Taiwan, South Korea, Thailand, Indonesia, Brazil, and Spain.

Using thousands of devices all around the world (thanks to Internet of Things technologies), with an estimated load of 1.2 terabits per second, the attack is the largest DDoS ever.

Investigations by U.S. authorities have not yet identified the authors, although Anonymous and New World Hackers claimed responsibility for the attack.
