We have had access to an interesting report of Telefónica for its large customers in which you explain detail the DDoS attack and virus that last Friday did tremble Internet and, among others, knocked out the service of WhatsApp, Twitter, Spotify, etc.
Although it was an DDoS attack affecting servers the company DNS DyDNS, and that already ADSLZone coworkers explained it this weekend, the result is that many tried to connect to WhatsApp, Twitter, Spotify and many other services that we have been and consume from mobile phones and could not do it.
Last already the storm, have could have access to an interesting report that is sending telephone to its large customers in which explains detail all what is knows of Mirai, the software that created the botnet of things “Smart”, i.e., used the Internet Of Things to finish with one of them DNS of Internet, besides others details very interesting on the attack DDoS of the last Friday.
Mirai, the virus that threatens the IoT and to all Internet with more attacks DDoS
Mirai is a malware that scans Internet for locating Internet of things connected devices such as cameras, fridges, televisions, etc., which often have in many cases a password by default of the manufacturer which makes them extremely vulnerable. Mirai performs different brute force attacks to break the password and infect these devices to attach them to their botnet, a network of devices zombies waiting for activation for the attack.
We could say, “well,” since we changed the password, but as Telefonica tells us, Mirai takes advantage of these passwords are “hardcodeadas firmware“, or what is the same, are fixed by default. A test carried out by the operator with the Shodan search engine located more than 500,000 vulnerable devices. In fact, on GitHub is they have already known passwords by default using Mirai.
On 10 October, the creator of Mirai he freed his malware code, thus allowing programmers around the world could create its own network of botnets with versions of this software reaching, according to estimates by Telefonica, close to a million connected devices.
Akamai estimated that near 2 million of devices IoT in total are committed since in 2015 appeared a code that allowed make attacks to these devices and some names of virus in addition to Mirai are Lizkebab, BASHLITE, Torius, or gafgyt is van to make fairly regular in the future.
The IoT is to blame Chinese, some say
Seems to be that it “cheap comes out expensive” is returns to comply because is has designated, according to FlashPoint, to the manufacturer Chinese XiongMai Technology, that is supplier of components for many companies with cameras IP and systems similar, as causing of the existence of a number very high of devices vulnerable. Telefónica, the says 29% of you IoT currently infected are us. UU., followed by 23% in Brazil and 8% in Colombia, leaving the rest of the percentage in other countries of the world.
Who has claimed the DDoS attack on last Friday?
Currently there are several groups that have been granted the authorship of the DDoS attack on last Friday. They are the New World Hackers, distributed in China and Russia claiming it through a message on twitter and in an interview, where they say they have a network of 100,000 computers infected bots list.
As not, them usual Anonymous also came out to the step and said that the attack is had produced by the cutting of Internet to Julian Assange in Ecuador while the founder of Wikileaks was filtering documents that would affect to the campaign election in USA
At the moment, the U.S. Government has not confirmed these audits and the FBI continues to investigate what may have happened on the servers of DynDSN which, in turn, that given any other technical explanation in recent days.
The article who, how and what virus was used in the attack DDoS that knocked out WhatsApp, Twitter, Spotify was published in MovilZona.