0126 GMT December 09, 2022
Twitter, Spotify, and Reddit were among the sites taken offline on Friday, according to BBC.
Each uses a company called Dyn, which was the target of the attack, to direct users to its website.
Security analysts now believe the attack used the 'Internet of things' — web-connected home devices — to launch the assault.
Dyn is a DNS service — an Internet 'phone book' which directs users to the Internet address where the website is stored. Such services are a crucial part of web infrastructure.
On Friday, it came under attack — a distributed denial of service (DDoS) — which relies on thousands of machines sending co-ordinate messages to overwhelm the service.
The 'global event' involved 'tens of millions' of Internet addresses.
Security firm Flashpoint said it had confirmed that the attack used 'botnets' infected with the 'Mirai' malware.
Many of the devices involved come from Chinese manufacturers, with easy-to-guess usernames and passwords that cannot be changed by the user — a vulnerability which the malware exploits.
"Mirai scours the Web for IoT (Internet of Things) devices protected by little more than factory-default usernames and passwords," explained cybersecurity expert Brian Krebs.
"And then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users."
The owner of the device would generally have no way of knowing that it had been compromised to use in an attack, he wrote.
Krebs is intimately familiar with this type of incident, after his website was targeted by a similar assault in September, in one of the biggest web attacks ever seen.
The incidents mark a change in tactics for online attackers.
DDoS attacks are typically aimed at a single website. Friday's attack on Dyn, which acts as a directory service for huge numbers of firms, affected several of the world's most popular websites at once.
The use of Internet-connected home devices to send the attacking messages is also a relatively new phenomenon, but may become more common.
The Mirai software used in these attacks was released publicly in September — which means anyone with the skill could build their own attacking botnet.
On social media, many researchers and analysts expressed frustration with the security gap being exploited by attackers.
Matthew Green, an assistant professor at the Johns Hopkins Information Security Institute, wrote, "Today we answered the question what would happen if we connected a vast number of cheap, crummy embedded devices to broadband networks?".
Jeff Jarmoc, head of security for global business service Salesforce, pointed out that Internet infrastructure is supposed to be more robust.
"In a relatively short time we've taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters," he said.