America’s Internet infrastructure could see more distributed denial-of-service (DDoS) attacks similar to the one targeted at Dyn last week, according to Josh Finke, senior director of sales engineering teams and technology practices at Iron Bow.
The large scale of the attack, the availability of the source code for the malware online, and the number of susceptible Internet of Things (IoT) devices make this type of attack attractive to hackers.
“There’s a pretty significant chance that this type of attack will happen again,” Finke said.
Internet service providers and companies are scanning their systems for indicators of Mirai malware, which the Department of Homeland Security announced as the culprit of the attack, in order to learn more about this specific type of problem.
“That doesn’t decrease that this will happen again,” Finke said.
Mirai malware is a couple of months old and was made publicly available this month; cyber professionals believe that the DDoS attack on Dyn is the first iteration of it, according to Finke.
In the past, malware mainly affected personal computers because users accidentally downloaded the software through emails or insecure devices. Mirai does not need any human involvement to infect a system. Mirai targets IoT devices, which then carry out DDoS attacks by overrunning specific servers with requests for information.
The Dyn attack targeted commercial DVRs and cameras, most of which were manufactured by one Chinese company and had been set up with the same default password. Once the hackers had used techniques to guess the default password, they had access to IoT devices on which the user hadn’t changed the original password.
“It ended up being a much larger scale than what we’ve typically seen,” Finke said.
Mirai malware was also used to attack Krebs on Security, a cybersecurity news site, and OVH, an Internet Service Provider, earlier this month.
FlashPoint released a report Tuesday that said that the Dyn attack was most likely carried out by an amateur hacker group. Finke said that this logic makes sense. The hack wasn’t politically motivated, given the random array of networks that were affected, including Twitter, Reddit, PayPal, GitHub, Amazon, Netflix, Spotify, and Runescape.
“It doesn’t really look like it was a very coordinated attack,” Finke said.
FlashPoint found out that the attack affected a popular video game company, which “is less indicative of hacktivists, state actors, or social justice communities, and aligns more with the hackers that frequent online hacking forums,” said Allison Nixon, John Costello, and Zach Wikholm of FlashPoint in the report.
Users who want to protect their IoT devices from Mirai malware should change the default password when they buy the device and connect it to a router or other device that has built-in basic security, according to Finke.
“Everybody needs to step back and think about the impact of connecting so many random devices to the Internet,” Finke said.