#CyberHeadlines: Mirai DDoS Attack
On October 21st, dozens of websites were down due to a DDoS attack on the DSN service provider Dyn. Dyn is responsible for translating web addresses for companies such as Twitter, Netflix, Etsy, Github, BBC, The New York Times, Reddit, AWS and many more. The culprit has been identified as Mirai. Mirai is a bot net which overwhelmed Dyn by hacking into hundreds of thousands of IoT devices, such as cameras and DVRs. The attackers had been testing their code- at least- since early September. No malicious end seemed to be in play (ie. No ransome was asked for; no data was stolen or damaged as far as anyone can tell). As IoT develops, we hope that security experts work with developers to ensure the safety of these new innovations.
Since the Mirai botnet source code was released, DDoS attacks have doubled, according to a report by Level 3 Research Labs. Hackers have been leveraging IoT devices to make DDoS-for-hire services; meaning, hackers are creating botnets and sell them for anyone to use. On October 28th, 19-year old Adam Mudd pleaded guilty to running one of the most popular DDoS-for-hire booter tools on the market. The teenager allegedly launched 592 DDoS attacks against 181 IP addresses between Dec. 2013 and March 2014 raking in $385,000 according to the Eastern Region Special Operations Unit. He has been charged and pleaded guilty to two counts of Computer Misuse Act and one count of money laundering.
To learn more about DDoS attacks, check out our blog about it!