Anatomy of An Outage – DDoS Attack Against Dyn
October 29, 2016
On 10/21, a DDoS attack via the Mirai malware was launched against Dyn, the internet infrastructure provider. Apparently the botnet used is built on the backs of attacked IoT devices. Much of the attack involved the use of products consisting of compromised digital video recorders (DVRs) and IP cameras made by a Chinese hi-tech company XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products. Default passwords were exploited and it seems that these default passwords are encoded through firmware and were not able to be changed through conventional means.
Imagine when billions of “protected” devices are all connected. That’s a lot of firepower for a potential botnet. Brave new world all over again.