In-brief: A denial of service attack on the managed DNS firm DYN was due, in part, to attacks from Internet of Things devices running the Mirai malware, the firm Flashpoint reported.
Analysis by the firm Flashpoint suggests that large-scale denial of service attacks against the managed DNS provider DYN on Friday were carried out, in part, by cameras, digital video recorders and other “Internet of Things” endpoints infected with the Mirai malware.
In a blog post, Flashpoint said its analysis confirmed that some of the malicious infrastructure responsible for the distributed denial-of-service (DDoS) attacks were running the Mirai malware.
From the blog post:
Flashpoint has confirmed that at least some of the devices used in the Dyn DNS attacks are DVRs, further matching the technical indicators and tactics, techniques, and procedures (TTPs) associated with previous known Mirai botnet attacks.
However, unlike the botnets used to launch attacks against the website of Krebs On Security and the French Hosting firm OVH, the botnet used in the attack on DYN were “separate and distinct botnets from those used to execute the DDoS attacks against Krebs on Security and OVH,” Flashpoint said.
The source code for Mirai was released as open source code in early October and since has been adopted by other DDoS for hire groups to create their own Mirai botnets.