Hackers Used an Army of Webcams and DVRs to Execute Friday’s Massive DDoS Attack

Hackers Used an Army of Webcams and DVRs to Execute Friday’s Massive DDoS Attack
Text Size
- +

Toggle Dark Mode

Last Friday’s widespread website disruptions were the result of hackers who used the Internet of Things to attack a major domain name host, according to a new report.

As Friday wore on, it was revealed that a Mirai botnet using compromised IoT devices was responsible for the DDoS attack. The volley of fake traffic targeted DNS host Dyn, and brought down major websites such as Twitter, Spotify, Reddit, Pinterest and the New York Times, according to cyber security firm Flashpoint.

Some of the IoT devices used were home webcams that had easy-to-guess default passwords. It was found that hackers were easily able to take over the cameras because users had not changed the default password. In response, Hangzhou Xiongmai — whose webcams likely made up a significant portion of the devices used in the DDoS assault — has issued a recall of the affected devices TechCrunch reported.

The recall includes all webcams that use the company’s circuit board, along with other components; and because of how many companies Xiongmai supplies its components to, that’s likely to be a massive amount of devices. In addition, the Chinese company has pledged to improve default passwords on its IoT products, and will release software patches to help protect vulnerable devices from being infiltrated.

This isn’t the first time that a Mirai botnet has been used in a DDoS attack. In September, a similar attack targeted the website of security researcher Brian Krebs. In that case, around 145,000 compromised IoT devices were used — including home security cameras and DVR devices. Additionally, the Mirai malware was made open-source by its author, and security expected that an attack of this scale was possible.

And this probably isn’t the last time we’ll see a DDoS attack of this scale. Before the Internet of Things, large-scale DDoS attacks were often hard to orchestrate due to the tough security of most personal computers. With the rise of the IoT, hackers now have a plethora of less-secure devices they can use to create hacking botnet network, the BBC reported. And because of the cost and effort of implementing stronger security into mass-market IoT devices, we probably won’t see the end of DDoS attacks anytime soon.

It’s currently unknown who orchestrated Friday’s DDoS assault. And because compromised devices often change hands due to rival hackers attempting to gain control of larger networks, we might never know.

Sponsored
Social Sharing