Malware that can build botnets out of IoT devices was at least partly responsible for a massive distributed denial-of-service attack that disrupted U.S. internet traffic on Friday, according to network security companies.
Beginning Friday morning, the assault disrupted access to popular websites by flooding a DNS service provider called Dyn with an overwhelming amount of internet traffic.
Some of that traffic was observed coming from botnets created with the Mirai malware that is estimated to have infected over 500,000 devices, according to Level 3 Communications, a provider of internet backbone services.
About 10% of those Mirai infected devices were participating in Friday's DDOS attack, said Dale Drew, the company's chief security office in Periscope livestream. However, other botnets were also partaking in the attack, he added.
DDOS attacks and botnets are nothing new. However, the Mirai malware appears especially worrisome for its awesome power. An attack on the website of cybersecurity Brian Krebs last month managed to deliver 665Gbps of traffic to Kreb's site, making it one of the largest DDOS attacks ever recorded.
Unlike other botnets that rely on PCs, the Mirai malware targets internet-connected devices such as cameras and DVRs that have weak default passwords, making them easy to infect. Adding to the worry is that the developer behind Mirai has released the malware's source code to the hacker community.
Security firm Flashpoint said it was able to confirm that some of the Mirai-infected machines involved in Friday's attack are DVRs.
The botnets participating in Friday's assault, however, were separate and distinct from those used to take down Kreb's website back In September, the security firm said.
Both Level 3 and Flashpoint have said copycat hackers have been trying to exploit the Mirai code since it was publicly released.
Friday's attack continued into the evening, according to Dyn. Its engineers had to mitigate "several attacks" aimed at its infrastructure. The company also reportedly said that the DDOS attacks are coming from "tens of millions of IP addresses at the same time."