"The 2016 Dyn cyberattack took place on October 21, 2016, and involved multiple denial-of-service (DoS) attacks targeting systems operated by Domain Name System (DNS) provider Dyn which made major internet platforms and services unavailable to large swaths of users in Europe and North America. The groups Anonymous and New World Hackers claimed responsibility for the attack.
The activities are believed to involve a botnet coordinated through a large number of internet-connected devices—such as printers, cameras, home routers and baby monitors—that had been infected with the Mirai malware."
"Mirai (Japanese for "the future") is malware that turns computer systems running Linux into remotely controlled "bots", that can be used as part of a botnet in large-scale network attacks."
Friday's East Coast Internet Outage Is a Major DDOS Attack | WIRED
"Dyn offers Domain Name System (DNS) services, essentially acting as an address book for the Internet. DNS is a system that resolves the web addresses we see every day, like https://www.WIRED.com, into the IP addresses needed to find and connect with the right servers so browsers can deliver requested content"
An IoT botnet is partly behind Friday's massive DDOS attack | PCWorld
"Some of that traffic has been observed coming from botnets created with the Mirai malware that is estimated to have infected over 500,000 devices"
The Dyn Attack on the Internet and Who to Blame For It @ Fortune
"A list of alleged culprits, compiled by security researcher Brian Krebs, include familiar names like Panasonic, Samsung and Xerox printers. The names also include lesser known makers of routers and cameras, which reportedly made up the bulk of the bot-net army."
"The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default usernames and passwords."
Last Week’s DDoS Attack Might Only Be The First Volley | On Point
Everything We Know About the Cyber Attack That Crippled America's Internet
The Dyn DDoS Attack: Two Key Lessons for Cyber Security | Satyamoorthy Kabilan | Pulse | LinkedIn
National Cyber Security Awareness Month | Homeland Security
10 Best Free DNS Hosting Providers
How Domain Name Servers Work | HowStuffWorks
IoT Device Maker Vows Product Recall, Legal Action Against Western Accusers — Krebs on Security
Microsoft Launches Azure-Based Security Program For Internet Of Things - ARC - ARC
So what actually happened?
Network-connected devices, in this case running basic Linux with default passwords, are exposed on the Internet (or on a local network with other infected machines). Malware scans networks for such machines and configures them to frequently access selected addresses. When too many infected machines start accessing the selected addresses, server and network capacity for serving normal traffic, such as network address resolution in this case, becomes limited. Resolving this requires complex adjustments of network traffic.
Simple solution: change the password on devices, and don't expose them (via NAT) on the Internet.
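A defender's view of the scanning step described above, as an added example that is not part of the original post: it reads firewall connection logs and flags LAN devices that contact many distinct addresses on Telnet within a short window, which is what an infected device looks like from the router. The log format, the ports (23 and 2323), the thresholds and every address are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: the scanner probes Telnet (TCP 23 and 2323) for default logins.
SCAN_PORTS = {23, 2323}
# Assumed log format: "<UTC timestamp> SRC=<ip> DST=<ip> DPT=<port>"
LINE_RE = re.compile(r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)")

def find_scanners(lines, min_targets=5, window=timedelta(seconds=60)):
    """Return {source: peak distinct destinations} for every source that hit
    at least min_targets distinct addresses on SCAN_PORTS inside one window.
    Lines must be in chronological order; unparseable lines are skipped."""
    recent = defaultdict(deque)  # source -> (time, destination) pairs still in window
    peak = defaultdict(int)      # source -> most distinct destinations seen at once
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m["dpt"]) not in SCAN_PORTS:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[m["src"]]
        q.append((ts, m["dst"]))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        peak[m["src"]] = max(peak[m["src"]], len({dst for _, dst in q}))
    return {src: n for src, n in peak.items() if n >= min_targets}

# Constructed sample: a camera sweeping Telnet, a laptop browsing, and a NAS
# that opens one Telnet session every two minutes (slow, so not flagged).
SAMPLE_LOG = """\
2016-10-21T11:10:00Z SRC=192.168.1.50 DST=203.0.113.1 DPT=23
2016-10-21T11:10:01Z SRC=192.168.1.50 DST=203.0.113.2 DPT=23
2016-10-21T11:10:02Z SRC=192.168.1.20 DST=198.51.100.20 DPT=443
2016-10-21T11:10:02Z SRC=192.168.1.50 DST=203.0.113.3 DPT=23
2016-10-21T11:10:03Z SRC=192.168.1.50 DST=203.0.113.4 DPT=23
2016-10-21T11:10:04Z SRC=192.168.1.50 DST=203.0.113.5 DPT=23
2016-10-21T11:10:05Z SRC=192.168.1.50 DST=198.51.100.9 DPT=2323
2016-10-21T11:10:06Z SRC=192.168.1.20 DST=198.51.100.21 DPT=23
truncated or malformed line
2016-10-21T11:12:00Z SRC=192.168.1.30 DST=203.0.113.11 DPT=23
2016-10-21T11:14:00Z SRC=192.168.1.30 DST=203.0.113.12 DPT=23
2016-10-21T11:16:00Z SRC=192.168.1.30 DST=203.0.113.13 DPT=23
2016-10-21T11:18:00Z SRC=192.168.1.30 DST=203.0.113.14 DPT=23
2016-10-21T11:20:00Z SRC=192.168.1.30 DST=203.0.113.15 DPT=23
""".splitlines()

if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {count} distinct Telnet targets within 60 s")
```

A flagged device is a candidate for isolation, a factory reset and a password change; widening the window catches slower scanners at the cost of more false positives.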