DNS DDoS attacks caused by 100,000 Mirai-infected devices

News that an IoT botnet shut down the internet connection on Friday for millions of users in the US made headlines across the world. Initial official statements claimed tens of millions of IPs were involved in taking down the DNS infrastructure provided by Dyn, yet further investigation tells another story.

As few as 100,000 connected devices infected with Mirai malware are responsible for the attack, according to Scott Hilton, EVP of Product at Dyn. The reported magnitude is in the 1.2 Tbs range.

“The Friday October 21, 2016 attack has been analyzed as a complex and sophisticated attack, using maliciously targeted, masked TCP and UDP traffic over port 53,” he wrote. “It appears the malicious attacks were sourced from at least one botnet, with the retry storm providing a false indicator of a significantly larger set of endpoints than we now know it to be. We are still working on analyzing the data but the estimate at the time of this report is up to 100,000 malicious endpoints. We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets.”

We have no control over IoT devices or over devs to develop better security per endpoint. If hackers try hard enough, they will get into any device, making further exploits and attacks inevitable. That doesn’t mean users should sit idle. Change default usernames and passwords on devices, perform regular software updates on them and the security solution, don’t reuse passwords and thoroughly research before you buy.