A Chinese electronics company that manufactures components reckons that its products were hacked and used in Friday's DDoS attack that caused major disruption on the East Coast.
The massive DDoS attack in question took down major online sites such as Reddit, Netflix, Twitter, Spotify and more, and experts warned that Internet of Things (IoT) devices might be to blame.
China's Hangzhou Xiongmai Technology, which makes internet-connected cameras and DVRs, acknowledged on Sunday that some weak default passwords in its products left them vulnerable.
Mirai malware has taken advantage of those security vulnerabilities and infected the devices, employing them in a botnet to launch massive DDoS attacks — including the one that caused Friday's large-scale outage.
"Mirai is a huge disaster for the Internet of Things," Xiongmai confirmed in an email to IDG News. "(We) have to admit that our products also suffered from hacker's break-in and illegal use."
The malware, known as Mirai, wreaks havoc by hijacking IoT devices to form a huge connected network and assault websites with requests, overloading them until they are effectively knocked offline.
IoT devices with weak passwords, such as Xiongmai's DVRs and internet-connected cameras, are ideal targets because they're easy to infect and enslave. Mirai malware has reportedly spread to at least 500,000 devices and shows no signs of slowing down.
Xiongmai has patched the vulnerabilities found in its September 2015 products. When used for the first time, the devices will now require the user to change the default password. While this is a step in the right direction, devices running older versions of the firmware did not get any update and are still vulnerable.
To prevent the malware from spreading, Xiongmai advises customers to update their devices' firmware (if new firmware is available) and change the default username and password. Users can also disconnect the devices from the internet.
Friday's massive outage was caused by a wave of cyberattacks on DNS service provider Dyn, which has now confirmed that Mirai-made botnets were responsible for a great part of the disruption.
"We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack," Dyn told IGN.
Dyn eventually recovered from the disruption and restored access to its service, but it's not over. In an increasingly connected world, security risks are greater than ever, and Mirai-powered botnets or some other kind of malware could cause more mayhem in the future.
To reduce risks, it's highly recommended to change default passwords on all devices as soon as you turn them on for the first time.