Dyn has confirmed that the Mirai botnet was the primary weapon in a distributed denial of service attack that crippled popular Web sites last week.
- The attack was "complex & sophisticated" and used "maliciously targeted, masked TCP and UDP traffic over port 53."
- DNS retry traffic compounded the attack.
- And Dyn is working with law enforcement agencies, but "will not speculate regarding the motivation or the identity of the attackers."
Dyn noted that there were two distinct attacks. The first attack started in multiple regions and then honed in on the US-East region. Dyn mitigated the hit.
Previously: Dyn, a managed DNS service, hit with attack, popular sites see performance issues | Dyn DDoS part 2: The hackers strike back | The Dyn report: What we know so far about the world's biggest DDoS attack | Chinese tech giant recalls webcams used in Dyn cyberattack | History repeating: How the IoT is failing to learn the security lessons of the past | After massive cyberattack, shoddy smart device security comes back to haunt
The second attack used the same technique as the first one, but was more globally diverse.
Overall, Dyn said the incident "has opened up an important conversation about internet security and volatility. Not only has it highlighted vulnerabilities in the security of "Internet of Things" (IOT) devices that need to be addressed, but it has also sparked further dialogue in the internet infrastructure community about the future of the internet."
In the end, Dyn earned its stripes in the attack last week. The company was transparent with customers and the attack will lead to information sharing to battle future attacks.