Using hacked “Internet of Things” (IoT) devices, cyber criminals launched a massive attack on the Internet infrastructure company Dyn, leading to a mammoth internet outage that affected major websites like Twitter, Reddit, Netflix, Spotify, Tumblr and Amazon. Dyn manages domain name system (DNS) services.
The attack caused network congestion that prevented users from accessing these websites. The cyber criminals recruited digital video recorders, CCTV video cameras and other such IoT devices for the DDoS attack.
Cyber security experts have discovered that the hackers used the Mirai malware, which had earlier been used in other major DDoS attacks. Adding fuel to the fire, the creator of the Mirai malware, using the nickname “Anna-senpai,” had publicly released the Mirai source code on Hackforums, a popular English-language hacking forum. Now every cyber criminal has been handed a powerful malware tool on a platter. All they have to do is unleash it to build their own bot armies.
How Mirai Works
Mirai targets IoT devices using their default usernames and passwords, plus a little more than the default values. In many instances, users have not changed the factory-default usernames and passwords. In some cases these credentials (user name and password, or password alone) are hard-coded into the device and cannot be changed. Whether this reflects carelessness on the part of the IoT device manufacturer or was done on purpose will be known in the days to come.
Even when the credentials can be changed, some of these devices can be accessed and compromised through “Telnet” and “SSH.”
When Mirai gains access to IoT devices, it enlists them into its bot army and uses them in DDoS attacks against specific targets. The enlisted devices hurl junk traffic that overwhelms the handling capacity of the website until legitimate visitors are no longer able to access it. Cyber experts believe that multiple botnets could have been used in the attack against Dyn.
The Dyn Target
Analysis of the Dyn attack by cyber security experts has revealed that most of the IoT devices in the botnet were IP cameras and digital video recorders manufactured by XiongMai Technologies, China. Further, XiongMai components are also used by other vendors in their devices.
These IoT devices are widely used because they are inexpensive. While the manufacturer has claimed that the bug has been fixed in devices released later, there seem to be plenty still available for bot recruitment. And as long as they are in use, they can be recruited for abuse.
Cyber criminals launched three DDoS attacks against Dyn. Considering the grave nature of the internet being brought down, the US Department of Homeland Security has launched an investigation. Vulnerability scans must determine how securely IoT devices can be accessed. Sophisticated vulnerability scans along the same lines as Mirai's must be used to find devices that can be easily compromised, and appropriate protection measures must be taken.
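As an added illustration (not part of the original article), the sketch below triages a device inventory against the exposure cases described above: factory-default credentials, hard-coded credentials, and reachable Telnet or SSH. The inventory columns, the sample devices and the severity ranking are all assumptions made for this example.

```python
import csv
import io

# Constructed sample inventory (not real devices); column names are assumptions.
INVENTORY_CSV = """\
host,type,telnet_open,ssh_open,creds_changed,creds_hardcoded
10.0.0.11,ip-camera,yes,no,no,no
10.0.0.12,dvr,yes,yes,no,yes
10.0.0.13,ip-camera,no,yes,yes,no
10.0.0.14,dvr,no,no,yes,no
10.0.0.15,ip-camera,no,no,no,no
"""

def triage(row):
    """Return (severity, action) for one device, following the article's cases."""
    remote = [svc for svc in ("telnet", "ssh") if row[f"{svc}_open"] == "yes"]
    if row["creds_hardcoded"] == "yes":
        # Hard-coded credentials cannot be changed, so only isolation or
        # replacement removes the exposure.
        severity = "critical" if remote else "high"
        return severity, "isolate from the internet or replace the device"
    if row["creds_changed"] != "yes":
        # Factory defaults still in place; worst when a login service is open.
        severity = "critical" if remote else "medium"
        action = "change factory-default credentials"
        if remote:
            action += "; close " + "/".join(remote)
        return severity, action
    if remote:
        # Credentials were changed, but the login service is still reachable.
        return "medium", "close or firewall " + "/".join(remote)
    return "ok", "no action"

def audit(csv_text):
    """Triage every device in the inventory, most severe first."""
    order = {"critical": 0, "high": 1, "medium": 2, "ok": 3}
    rows = csv.DictReader(io.StringIO(csv_text))
    findings = [(row["host"], *triage(row)) for row in rows]
    return sorted(findings, key=lambda f: (order[f[1]], f[0]))

if __name__ == "__main__":
    for host, severity, action in audit(INVENTORY_CSV):
        print(f"{host:<12} {severity:<9} {action}")
```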