We saw a dramatic drop in the level of expertise and knowledge required to become a malefactor. Nowadays, a simple how-to video on YouTube or a Bitcoin-prepaid stresser/booter is enough to perform a successful attack against even larger websites and applications, something unseen in previous years.
Brian Krebs is now probably the most in-demand cyber security expert in the field: he was among the first to report on the evolution of Mirai and to cover some of the security breaches and vulnerabilities. He was chosen as a target for his many years of hard work as a security journalist and his investigations of computer hacks and the paths people take to become cybercriminals. Akamai, which hosted Krebs’s blog on a pro bono basis, could not withstand a record-setting 620 Gbps attack by the Mirai botnet and shut him off. However, as Brian says, censorship would not work over the internet, as he continues to investigate malicious and criminal activity over the web.
In late 2016 we witnessed the first, but not the last, IoT-based botnet: Mirai. Hundreds of thousands of routers, cameras, DVRs, and other connected devices, even Wi-Fi-enabled coffee-makers, made one of the biggest media stories of the year in the professional security community by going after Dyn, one of the world’s largest DNS providers. A fast and merciless attack made the world’s most visited websites unavailable for hours, showing the extreme collateral damage of a well-planned infrastructure attack. Before that, Mirai raised the bar of a possible threat by performing a 1 Tbps attack on OVH, a French cloud hosting provider and one of the biggest in its class.
DNS defenses have evolved, and so have the methods, vectors, and tools used by attackers. So-called “no such domain” (NXDOMAIN) attacks showed their effectiveness by quickly draining performance out of the cache. Mirai used a “water torture” technique against its target DNS servers. It differs from regular DNS reflection and amplification attacks in that it makes recursive DNS servers perform the attack on the target’s authoritative DNS server.
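To show how a resolver operator can spot the water torture pattern described above, here is an added detection example (not from the original report) that flags zones receiving mostly NXDOMAIN answers for unique, random-looking subdomains. The log format, the thresholds, the two-label `zone_of` heuristic and all function names are assumptions made for this illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<epoch> <client> <qname> <rcode>"
SAMPLE_LOG = [
    "1 10.0.0.5 x7k2qpz9.victim.example NXDOMAIN", "1 10.0.0.6 m3vb8wq1.victim.example NXDOMAIN",
    "2 10.0.0.7 t9zl4hc6.victim.example NXDOMAIN", "2 10.0.0.5 q2wd7nx5.victim.example NXDOMAIN",
    "3 10.0.0.8 b8rj1ky3.victim.example NXDOMAIN", "3 10.0.0.6 h5fg0ms4.victim.example NXDOMAIN",
    "1 10.0.0.9 www.shop.example NOERROR", "2 10.0.0.9 www.shop.example NOERROR",
    "2 10.0.0.4 mail.shop.example NOERROR", "3 10.0.0.4 www.shop.example NOERROR",
    "3 10.0.0.3 api.shop.example NOERROR", "4 10.0.0.3 wwww.shop.example NXDOMAIN",
]

def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def zone_of(qname):
    # Assumption: the zone is the last two labels; real code should use the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_water_torture(lines, min_queries=5, nx_ratio=0.8, uniq_ratio=0.8, min_entropy=2.5):
    """Return {zone: stats} for zones whose queries look like random-subdomain flooding."""
    per_zone = defaultdict(lambda: {"total": 0, "nx": 0, "labels": []})
    for line in lines:
        _ts, _client, qname, rcode = line.split()
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain label to inspect
        z = per_zone[zone_of(qname)]
        z["total"] += 1
        z["nx"] += rcode == "NXDOMAIN"
        z["labels"].append(labels[0])
    flagged = {}
    for zone, z in per_zone.items():
        nx = z["nx"] / z["total"]                      # cache misses answered "no such domain"
        uniq = len(set(z["labels"])) / z["total"]      # labels that never repeat defeat caching
        ent = sum(label_entropy(l) for l in z["labels"]) / z["total"]
        if z["total"] >= min_queries and nx >= nx_ratio and uniq >= uniq_ratio and ent >= min_entropy:
            flagged[zone] = {"queries": z["total"], "nx_ratio": nx,
                             "unique_ratio": uniq, "mean_entropy": round(ent, 2)}
    return flagged

print(find_water_torture(SAMPLE_LOG))
```

Zones flagged this way are candidates for per-zone rate limiting or negative-response throttling on the recursive resolver, which keeps the flood from being forwarded to the authoritative servers.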
You will find the full report here