What were the biggest cyber attacks in 2016?
How big can a DDoS get?
The attack on Dyn was one of many major distributed denial of service (DDoS) attacks in the year, but it was of particular importance due to both the damage it did and its sheer magnitude.
Dyn is a hosting provider, relied upon by many popular websites including Twitter, Reddit and Spotify.
In a DDoS attack, the target web server is hit by an overwhelming amount of traffic, consuming the server’s resources and if successful, taking the server offline.
The 21 October attack on Dyn made the sites mentioned above unavailable for many users.
According to Dyn’s assessment, the attack on its Managed DNS infrastructure may have peaked at 1.2 Tbps, an extremely high and record-setting level.
Powering the attack was the malware Mirai, which Dyn confirmed as the source of the attack.
Mirai is encoded with a list of a few default passwords, including obvious words and phrases such as ‘password’ or ‘password123’. It trawls the net, looking for passive internet-connected devices such as routers and camera and inputting these passwords into the devices to try and take them over.
Mirai has featured in major attacks on OVH, KrebsOnSecurity, Deutsche Telekom, TalkTalk and the Post Office.
Over the next year or two we may see the full potential of the Mirai botnet and other similar botnets.