Vigilante
Diamond Member
- Banned
- #1
Chinese firm admits its hacked DVRs, cameras were behind Friday's massive DDOS attack Botnets created from the Mirai malware were involved in Friday's cyber attack.
Michael Kan - IDG News Oct 23, 2016
A Chinese electronics component manufacturer says its products inadvertently played a role in a massive cyberattack that disrupted major internet sites in the U.S. on Friday.
Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.
According to security researchers, malware known as Mirai has been taking advantage of these vulnerabilities by infecting the devices and using them to launch huge distributed denial-of service attacks, including Friday’s outage.
“Mirai is a huge disaster for the Internet of Things,” Xiongmai said in an email to IDG News Service.
“(We) have to admit that our products also suffered from hacker's break-in and illegal use.” Mirai works by enslaving IoT devices to form a massive connected network.
The devices are then used to deluge websites with requests, overloading the sites and effectively taking them offline.
Because these devices have weak default passwords and are easy to infect, Mirai has been found spreading to at least 500,000 devices, according to internet backbone provider Level 3 Communications.
Xiongmai says it patched the flaws with its products in September 2015 and its devices now ask the customer to change the default password when used for the first time.
But products running older versions of the firmware are still vulnerable.
To stop the Mirai malware, Xiongmai is advising that customers update their product’s firmware and change the default username and passwords to them.
Customers can also disconnect the products from the internet.
Botnets created from the Mirai malware were at least partly responsible for Friday's massive internet disruption...
Michael Kan - IDG News Oct 23, 2016
A Chinese electronics component manufacturer says its products inadvertently played a role in a massive cyberattack that disrupted major internet sites in the U.S. on Friday.
Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.
According to security researchers, malware known as Mirai has been taking advantage of these vulnerabilities by infecting the devices and using them to launch huge distributed denial-of service attacks, including Friday’s outage.
“Mirai is a huge disaster for the Internet of Things,” Xiongmai said in an email to IDG News Service.
“(We) have to admit that our products also suffered from hacker's break-in and illegal use.” Mirai works by enslaving IoT devices to form a massive connected network.
The devices are then used to deluge websites with requests, overloading the sites and effectively taking them offline.
Because these devices have weak default passwords and are easy to infect, Mirai has been found spreading to at least 500,000 devices, according to internet backbone provider Level 3 Communications.
Xiongmai says it patched the flaws with its products in September 2015 and its devices now ask the customer to change the default password when used for the first time.
But products running older versions of the firmware are still vulnerable.
To stop the Mirai malware, Xiongmai is advising that customers update their product’s firmware and change the default username and passwords to them.
Customers can also disconnect the products from the internet.
Botnets created from the Mirai malware were at least partly responsible for Friday's massive internet disruption...