Last year in October Mirai Botnet, a malware strain that can take control of IoT (Internet of Things) devices and use them for large cyber attacks resulting in ‘distributed denial-of-service (DDoS) — rendering the target website/server unreachable to legitimate visitors.
According to new study by researchers at Google, CloudFlare, Merit Networks, Akamai and other universities, the Mirai Botnet attack last October on DNS provider Dyn might actually be targeting the PlayStation Network (PSN).
The research which was presented at the Usenix Security Symposium, Vancouver, has suggested that the DDoS attack conducted via the Mirai botnet was meant to disable PlayStation Network services as all the IP addresses targeted by the attack were name servers for the PSN.
These name servers were used by Dyn to connect users to the correct IP address. The Verge reported that this Mirai botnet attack which was targeted towards bringing down PSN might be the handiwork of angry gamers.
“Although the first several attacks in this period solely targeted Dyn’s DNS infrastructure, later attack commands simultaneously targeted Dyn and PlayStation infrastructure, potentially providing clues towards attacker motivation,” the researchers noted.
According to the researchers, it’s not only the PlayStation Network that was being targeted by the botnet. They also detected that Xbox Live, Valve Steam, and other gaming servers were attacked during the same period too.
“This pattern of behavior suggests that the Dyn attack on October 21, 2016, was not solely aimed at Dyn. The attacker was likely targeting gaming infrastructure that incidentally disrupted service to Dyn’s broader customer base,” the researchers added.
The researchers also pointed out that worms like Mirai botnet prosper majorly due to the absence of apt security measures for IoT devices. This results in a ‘fragile environment ripe for abuse’.
“As the IoT domain continues to expand and evolve, we hope Mirai serves as a call to arms for industrial, academic, and government stakeholders concerned about the security, privacy, and safety of an IoT-enabled world,” the researchers concluded.
The attack conducted using Mirai botnet in October 2016 wasn’t a standalone one. Since after the Mirai worm code was made public, 15,194 attacks were perpetrated on 5,046 victims (4,730 individual IPs, 196 subnets, 120 domain names), across 85 countries.