Monday, October 24, 2016

Welcome IoT (Internet of Things)

A Mirai botnet hacked into IoT cameras and routers (according to Flashpoint) and used them to target Dyn (a large Domain Name Server provider, which translates domain names to IP addresses in a hierarchical manner) with a Distributed Denial of Service (DDoS) attack, ultimately knocking major websites offline, including Twitter, Spotify, Reddit, the NY Times, Pinterest and PayPal. This is the same Mirai that hit Brian Krebs' website last month, with traffic peaking at 620 Gbps; U.S. intelligence, as reported by NBC News, characterized this latest case as internet vandalism.

The Mirai source code had been released to the public as open source, and the attack showed itself in multiple waves on October 21, the first at approximately 6:10am and the third around 2:30pm CST, lasting until it was resolved at approximately 5:15pm. While DDoS is not new to the industry or the Internet, it becomes more pervasive with connected devices, particularly those shipped with default login or management/SNMP credentials. DDoS comes in several flavors: simply flooding your routers or devices with more packets than they can process; more commonly, sending packets that demand an acknowledgement (e.g. TCP handshake, GET requests), which further overwhelms bandwidth and processing capacity; and, more sophisticated still, this Mirai type, which makes an individual PC become a DNS server that further floods the Internet with bogus requests and responses for name/IP lookups.

The point being: early detection by monitoring network/bandwidth spikes can provide good triggers for your environment. Also, obtain high-capacity servers and/or configure scrubbing filters to absorb large traffic spikes (or at least to taper the slowdown); and finally, opt for an out-of-band connection from your hosting provider or a Content Delivery Network (CDN) for your company's primary websites. Not bulletproof, but these are some countermeasures.
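One way to implement the bandwidth-spike trigger recommended above, as an added example that is not from the original post: an exponentially weighted baseline with a sustained-exceedance rule, run over constructed per-interval throughput samples (the ~100 Mbps baseline, the flood values and the octet counters are made up for illustration; the function names are mine).

```python
"""Bandwidth-spike trigger: flag sustained surges above a moving baseline.
Per-interval throughput samples (e.g. one poll per minute) are assumed;
the sample values below are constructed, not measured."""
from dataclasses import dataclass

@dataclass
class Alert:
    interval: int    # index of the sample that fired
    mbps: float      # observed throughput in that interval
    baseline: float  # EWMA baseline the sample was compared against

def mbps_from_octets(counters, interval_s):
    """Convert cumulative interface octet counters (one poll per interval)
    into per-interval Mbps. A counter that went backwards is a reset or
    wrap and is skipped rather than reported as a huge negative spike."""
    out = []
    for prev, cur in zip(counters, counters[1:]):
        if cur >= prev:
            out.append((cur - prev) * 8 / interval_s / 1e6)
    return out

def detect_spikes(samples_mbps, alpha=0.2, factor=4.0, min_consecutive=3):
    """Return an Alert for every interval whose throughput exceeds
    factor * baseline once that has held for min_consecutive intervals.
    The baseline is an exponentially weighted moving average that is
    frozen during an excursion, so a flood does not quietly become the
    new normal. The first sample seeds the baseline, so start polling
    during known-good traffic."""
    baseline, streak, alerts = None, 0, []
    for i, mbps in enumerate(samples_mbps):
        if baseline is None:
            baseline = mbps
        elif mbps > factor * baseline:
            streak += 1
            if streak >= min_consecutive:
                alerts.append(Alert(i, mbps, baseline))
        else:
            streak = 0
            baseline = alpha * mbps + (1 - alpha) * baseline
    return alerts

# Constructed sample: ~100 Mbps of normal traffic, a five-interval flood,
# then recovery. Only the third flood interval onwards raises an alert.
SAMPLE_MBPS = [95, 102, 98, 110, 97, 101, 104, 99,
               3200, 4100, 5800, 6200, 6000, 105, 100]

if __name__ == "__main__":
    for a in detect_spikes(SAMPLE_MBPS):
        print(f"interval {a.interval}: {a.mbps:.0f} Mbps vs baseline {a.baseline:.1f}")
```

The sustained-exceedance rule is what keeps a single busy interval (a large backup, a burst of legitimate users) from paging anyone, while a multi-interval flood still fires within a few polls.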