It’s beginning to look that way.
Tens of millions of IP addresses were used to take down popular websites like Twitter and Netflix as part of a massive cyberattack on Friday.
Dyn says this program can attack anything connected to the Internet, including your DVR, your camera or your thermostat, and they said they even saw an Internet-connected toaster on Kickstarter.
Friday’s cyber attack alarmed security experts because it represented a new type of threat rooted in the proliferation of simple digital devices such as webcams. Attacks continued as the day went on.
Regulators have not yet created clear rules on how they should be protected, and even businesses are finding that well-meaning suppliers or facilities managers have accidentally created holes in their corporate networks by adding connected devices. Dyn officials wouldn’t confirm the figure during a conference call later Friday with reporters. The foundation was laid a month before Friday’s attack.
DDoS attacks shut down websites by essentially flooding them with so much data they can’t process it all.
And it was able to hack into connected home devices such as security cameras and digital video recorders. Dyn, one of several companies responsible for hosting the crucial web directory known as the Domain Name System (DNS), suffered a sustained so-called “distributed denial of service” (DDoS) attack, leading many people intermittently to lose access to specific sites or to the Internet entirely. Security firms have already noticed copycat hackers using it.
Most of the top sites have confirmed the cyber attack.
Either way, stronger security would protect both the devices’ owners and the larger Internet.
The hacks against the DNC have increased political tensions, with the United States directly accusing the Russian Federation of carrying out the attacks.
As with other online attacks, the motivation behind DDoS attacks is usually mischief or money.
This latest attack did not damage the websites themselves. “Analysts are still investigating the potential impact of this activity and it is not yet clear if other botnets are involved”.
That breadth of “attack surface”, as security experts call it, is one of the things that makes Mirai so hard to fight, said Kyle York, Dyn’s chief strategy officer.
According to a senior US intelligence official, the case is being considered as internet vandalism, and does not appear to be a state-sponsored or direct attack. The claims couldn’t be verified.
Security researcher Brian Krebs has been monitoring the situation closely and notes that the attack was orchestrated by the Mirai malware. The attack on the BBC marshalled half the computing power of Friday’s attacks.
Although Dyn managed to fend off the disruption and restore access to its service, Mirai-powered botnets could easily strike again.
Friday’s attack continued into the evening, according to Dyn. The attackers have chosen Google and OpenDNS to initiate hacking. This can swamp the receiver with so many requests for information that it cannot respond.
US Homeland Security and the Federal Bureau of Investigation (FBI) are investigating the breach. But monthly subscription fees for these services are generally equal to a typical DDoS extortion payment, giving companies little incentive to pay for them.