The Department of Homeland Security (DHS) believes the series of distributed denial of service (DDoS) attacks that disrupted major websites across the US East Coast on Friday have been mitigated. The attacks targeted Dyn, a New Hampshire-based Internet performance management company.
A DDoS attack is an attempt to make an online service unavailable by overwhelming the targeted system with data. Users reported on Friday they had trouble accessing a number of popular websites, such as Twitter, Reddit, and Spotify.
Kyle York, chief strategy officer for Dyn, said the attacks came in three waves, first hitting the East Coast and later spreading westward. Although Dyn is still investigating the root cause behind the attacks, the company did determine that some of the infrastructure responsible for the attacks were botnets compromised by Mirai malware.
“We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet,” York said.
Homeland Security Secretary Jeh Johnson confirmed on Monday the involvement of Mirai in the attacks. Mirai has been linked to the compromise of Internet of Things (IoT) devices, such as webcams, home routers and digital video recorders. Dyn is working with federal authorities and law enforcement to investigate the attacks.
“It is said that eternal vigilance is the price of liberty,” York said. “As a company and individuals, we’re committed to a free and open internet, which has been the source of so much innovation. We must continue to work together to make the internet a more resilient place to work, play and communicate.”
Furthermore, DHS’s National Cybersecurity and Communications Integration Center is working with the private sector to develop ways to mitigate against Mirai and other types of malware.
“The Department has also been working to develop a set of strategic principles for securing the IoT, which we plan to release in the coming weeks,” Johnson said.
The incident has raised concerns about IoT security. Just last week, the United States Computer Emergency Readiness Team (US-CERT) warned of the danger posed by the compromise of IoT devices by Mirai and the need to harden systems against DDoS attacks.
US-CERT’s alert said the recent DDoS attacks against security researcher Brian Krebs’ blog “Krebs On Security” and French internet service and hosting provider OVH involved Mirai botnets.
“Recently, IoT devices have been used to create large-scale botnets—networks of devices infected with self-propagating malware—that can execute crippling distributed denial-of-service (DDoS) attacks,” US-CERT stated. “IoT devices are particularly susceptible to malware, so protecting these devices and connected hardware is critical to protect systems and networks.”
With the rise of IoT-enabled attacks, York stressed the importance of collaboration and information-sharing in mitigating cybersecurity incidents. Dyn credits the success of the company’s response to the massive DDoS attack to the support and cooperation of law enforcement, other service providers, and members of the internet community.
“It is said that eternal vigilance is the price of liberty,” York said. “As a company and individuals, we’re committed to a free and open internet, which has been the source of so much innovation. We must continue to work together to make the internet a more resilient place to work, play and communicate.”
