Menu
Chinese firm admits its hacked products were behind massive DDoS attack

Chinese firm admits its hacked products were behind massive DDoS attack

Botnets created from the Mirai malware were involved in Friday's cyber attack

A Chinese electronics component manufacturer says its products inadvertently played a role in a massive cyberattack that disrupted major internet sites in the U.S. on Friday.

Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.

According to security researchers, malware known as Mirai has been taking advantage of these vulnerabilities by infecting the devices and using them to launch huge distributed denial-of service attacks, including Friday’s outage.

“Mirai is a huge disaster for the Internet of Things,” Xiongmai said in an email to IDG News Service. “(We) have to admit that our products also suffered from hacker's break-in and illegal use.”

Mirai works by enslaving IoT devices to form a massive connected network. The devices are then used to deluge websites with requests, overloading the sites and effectively taking them offline.

Because these devices have weak default passwords and are easy to infect, Mirai has been found spreading to at least 500,000 devices, according to internet backbone provider Level 3 Communications.

Xiongmai says it patched the flaws with its products in September 2015 and its devices now ask the customer to change the default password when used for the first time. But products running older versions of the firmware are still vulnerable.

To stop the Mirai malware, Xiongmai is advising that customers update their product’s firmware and change the default username and passwords to them. Customers can also disconnect the products from the internet.

Botnets created from the Mirai malware were at least partly responsible for Friday's massive internet disruption, according to Dyn, the DNS service provider targeted in the assault.

“We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack,” Dyn said in statement.

The DDOS attack, which flooded sites with an overwhelming amount of internet traffic, slowed and stopped access to Twiiter, Spotify, PayPal and many more services.

Although Dyn managed to fend off the disruption and restore access to its service, Mirai-powered botnets could easily strike again. Earlier this month, the unknown developer of the Mirai malware released its source code to the hacker community. Security firms have already noticed copycat hackers using it.

The Mirai malware also appears to target products from other IoT vendors that use weak default passwords in their devices. Security experts have noticed the malware tries a list of more than 60 combinations of user names and passwords.

Last month, a Mirai-powered botnet also briefly took down the website of cybersecurity reporter Brian Krebs, by delivering 665 Gbps of traffic, making it one of the largest recorded DDOS attacks in history.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

EDGE 2024

Register your interest now for EDGE 2024!

Featured

Slideshows

How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments