There’s been a lot of discussion about the insecurity of the internet of things (IOT) devices such as security cameras, DVRs, thermostats and more. Frankly, many of these are Linux systems that are poorly prepared from a security standpoint and sometimes blatantly exposed. Such devices were used in the recent, massive attacks against the DNS service.
“We’re seeing attacks coming from a number of different locations,” Drew said. “An Internet of Things botnet called Mirai that we identified is also involved in the attack.”
The botnet, made up of devices like home Wi-Fi routers and Internet protocol video cameras, is sending massive numbers of requests to Dyn’s DNS service. Those requests look legitimate, so it’s difficult for Dyn’s systems to screen them out from normal domain name lookup requests.