Domain name services (DNS) provider Dyn has recalculated the number of Mirai-infected Internet of Things (IoT) devices that took part in a distributed denial of service (DDoS) attack on the company's servers last week, reducing its estimate from 'tens of millions' to 100,000.
Dyn, which provides DNS services to high-profile sites including social networking service Twitter, found itself under siege last Friday when a distributed denial of service (DDoS) attack knocked out local services for much of the morning and global services for at least an hour. In its initial analysis of the attack
, Dyn tipped open-source IoT botnet Mirai
as the major source of the attack traffic, with chief strategy officer Kyle York claiming that the company 'observed tens of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.
Although Mirai has enjoyed a high success rate in its simple infection method of attempting to log in to devices using the manufacturer's hard-coded default username and password combinations, and security experts had warned the release of its source code would likely lead to further growth, some in the industry questioned the 'tens of millions
' of infected systems measurement. Rightly so, it turns out: Dyn's Scott Hilton has released an updated analysis
which puts the real figure closer to 'up to 100,000 malicious endpoints
,' not all of which - though a 'significant volume
' - were Mirai members.
For those working in the field of IoT, the news that the botnet may be orders of magnitude smaller than first feared should be welcomed; for Dyn, it's an embarrassing admission of just how few malicious systems are required to cripple its systems.