A few days ago, a large-scale DDoS attack hit hundreds of high-traffic websites, including New York Times, CNN, BBC, Netflix, Reddit, Twitter, Spotify, and eBay. The attack, which brought the internet to its knees, actually targeted Dyn, a company that manages critical parts of the internet infrastructure.
Scott Hilton, Dyn's executive director, revealed in a statement today that a botnet of approximately 100,000 vulnerable IoT devices infected with Mirai malware was the driving force behind the DDoS attacks that hit the company.
Last Saturday, in an announcement about the incident, Dyn confirmed that a powerful botnet of compromised devices infected with Mirai had participated in the attacks.
Yesterday, in a second statement on the issue, the company revealed that after analyzing the DDoS traffic, it was able to identify more than 100,000 sources of malicious traffic, which came from devices controlled by Mirai malware.
Dyn was hit by a DDoS DNS attack
More technical details about the attack became known today, with Hilton reporting that the attackers launched the DDoS attack using DNS TCP and UDP packets. Although this type of attack is highly simplistic, the attackers managed to crush Dyn's security measures and wreak havoc on its internal systems.
As the attack targeted Dyn's managed DNS service, the company had difficulty distinguishing between legitimate DNS queries and the junk DNS data sent by the attackers. This is why the managed DNS service failed so badly and took down a large part of the internet: websites that used Dyn to manage their DNS servers, such as Reddit, Imgur, Twitter, GitHub, PayPal, etc., "fell".
The company did not reveal the real magnitude of the attack, but several researchers argue that it exceeds even the largest DDoS attack recorded to date, which measured 1.1 Tbps.
Hilton said Dyn was now working with law enforcement authorities to investigate the case.