"On September 20, 2016, the computer security blog KrebsOnSecurity (Krebs) was hit with a massive attack - one that surpassed the scale of previously known attacks. One month later, on October 21, 2016, domain name system provider Dyn experienced a similar attack which prevented many users in the United States from accessing popular websites, such as Amazon, Reddit and Twitter. Both these attacks have in common a malicious botnet named Mirai. [...] A botnet is a network of computers or other Internet-connected devices that an attacker has infected with malware that grants them control and use of the resources of that device. [...] Adversaries may use botnets they cultivate for their own purposes, or they may rent out their botnets for other attackers to use, such as to carry out a denial of service (DOS) attack, like those which hit Krebs and Dyn. [...] The Mirai botnet is unique because it takes advantage of Internet of Things (IOT) devices. In this case, many of those devices were web-enabled cameras and digital video recorders (DVRs) with published and unchanged administrative usernames and passwords. [...] In response to the attack on Dyn, Senator Mark Warner asked federal agencies to examine the tools available to secure IOT devices and what additional tools might be needed. Additionally, congressional committees, as part of their oversight activities, may engage with federal agencies as they pursue rulemaking and issuing guidance on IOT devices. Congress could also encourage industry to ensure it adequately considers security needs in manufacturing and deployment of IOT devices in a manner that not only considers consumer needs but also security of the Internet."
CRS Insight, IN10600
Federation of American Scientists: http://www.fas.org/sgp/crs/index.html