Dyn DNS, the internet traffic management company hit by DDoS attacks Friday which affected more than 80 popular websites, says it believes that smart devices such as webcams and thermostats were infiltrated to carry out the attacks.
Scores of websites including PayPal, Reddit, Amazon, Spotify and Twitter were unavailable Friday as three separate distributed denial of service (DDoS) attacks disrupted the New Hampshire based server’s operations.
READ MORE: US investigating massive attack on internet as 3rd DDoS wave stops
A DDoS attack occurs when a server is overwhelmed with traffic in a targeted attack. In this case, it’s believed that Internet of Things devices, which covers any object with an internet connection, were hit.
Dyn DNS believes tens of millions of these connected devices, including surveillance cameras, webcams and smart thermostats were infected with malware.
"It is a very smart attack. As we start to mitigate they react and start to throw something that's over the top,” Dyn chief strategy officer Kyle York said, as reported by Sky News.
The Department of Homeland Security is reportedly investigating the attack. A shadowy group which calls itself “New World Hackers” has claimed responsibility.
Cybersecurity experts have warned that IoT is an easily exploitable area in corporations and can be used effectively in mass cyberattacks.
Surveillance cameras are one example of this as the firmware tends to be similar across the board and contains a vulnerability that can easily be exploited, according to Tech Crunch.
The release of the source codes of botnets online has also made it easier for cyber attackers to launch a DDoS attack. IoT devices also have the disadvantage of not being able to run standard cyber security software.
Internet of Things is mooted to become the largest device market in the world, expected to reach double the size of the smartphone, PC, tablet, connected car and wearable market combined by 2019, according to a BI Intelligence report.