In this Risk & Repeat podcast, SearchSecurity editors discuss the latest information on the Mirai IoT botnet and the latest DDoS attacks, and what it means for enterprise security.
The fallout from IoT botnet attacks continued as investigations revealed additional details about how the Mirai malware was used to disrupt DNS provider Dyn and who may have been behind the attack.
After the initial DDoS attacks on infosec journalist Brian Krebs and European hosting firm OVH in September, the source code for Mirai, the IoT botnet behind the attacks, was released to the public on a hacker forum. Experts at the time warned the release of the Mirai code could lead to more attacks leveraging insecure IoT devices. Those concerns were realized weeks later when another round of powerful DDoS attacks hit Dyn, which later confirmed that the Mirai IoT botnet was the primary source of the malicious traffic. Dyn's investigation also showed that while "tens of millions" of IP addresses were initially thought to be part of the attacks, only 100,000 IoT devices were estimated to be involved; additional traffic was later determined to be "legitimate retry activity."
Dyn said it was unable to confirm estimates that the attacks generated 1.2 Tbps of malicious traffic, which was primarily masked TCP and UDP traffic over port 53. Meanwhile, cybersecurity firm Flashpoint issued an investigative report claiming "with a high degree of confidence" that the perpetrators behind the Dyn attacks were not nation-state hackers. Instead, Flashpoint said the threat actors were most likely "script kiddies" connected to the hackforums.net site where the Mirai code was made public.
Will IoT-powered cyberattacks become more frequent and powerful now that the Mirai source code is available? If low-level hackers can launch these kinds of DDoS attacks, then what can more skilled APT groups and nation-state actors do with IoT malware? What can DNS providers like Dyn do to stop these kinds of disruptive attacks?
In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more on the Mirai IoT botnet. They also discuss other infosec news and trends, including the Dirty COW Linux vulnerability and the latest on Mozilla's actions against certificate authority WoSign.