PlayStation — not Dyn — may have been the true target of the record-breaking 620 Gpbs Mirai botnet DDoS attack that took place last October, according to a new report from a team of researchers at Google, Cloudflare, Merit Networks, Akamai and several university partners. The researchers presented their findings last week at the Usenix conference, according to The Verge and other sources.
The researchers found PlayStation Network nameservers accounted for all the IP addresses targeted in the cyberattack. But because Dyn services are interconnected, the attack ultimately affected Twitter, Etsy, Github, Spotify, Reddit, Netflix and SoundCloud, among others.
The same attackers also went after a handful of gaming services — Xbox Live, Nuclear Fallout and ValveSteam — around the same time, the researchers found. They are not sure what prompted the attacks.
For Dyn, it was a high price to pay. Following the attack, more than 14,000 internet domains dropped Dyn as their DNS services provider.
The Dyn attack was particularly notable because it used the Mirai botnet to harness "zombie" Internet of Things devices to work on its behalf for the first time. The attack also highlighted an internet choke point, where scores of companies could be impacted.
The attack did have some positive results. A DDoS attack stemming from compromised IoT devices showed the advanced capabilities malicious actors have when targeting networks, and quickly prompted several IoT device makers to recall or reevaluate the security of their devices.
It also inspired the House Subcommittee on Communications and Technology and the Subcommittee on Commerce, Manufacturing and Trade to hold a joint hearing to consider whether federal regulation is needed to ensure Internet of Things device security. More recently, a group of bipartisan senators proposed a law to secure the IoT, placing the onus on manufacturers to adequately secure internet-connected devices.
Though the incident certainly made for a bad day for Dyn, the company was purchased by Oracle soon after.