An Internet of Things (IoT) botnet dubbed Mirai is being blamed for causing some of the massive distributed denial of service (DDoS) attack that disrupted several major Internet sites last Friday. High profile sites including GitHub, Twitter, and Netflix were impacted.

In a Periscope channel post, Level 3 Chief Security Officer Dale Drew said that the DDoS attack was caused by a large number of IoT devices that were constantly querying a domain name service (DNS) provider, making it impossible to translate Internet addresses into IP addresses so that networks can route traffic.

Drew said that between 500,000 to 550,000 nodes around the world are part of the Mirai botnet and about 10 percent of those were involved in Friday’s attack. However, he warned that other botnets could be involved as well.

Mirai is the same botnet that took down the KrebsOnSecurity site last month. Code for using the botnet has since been publicly released.

Drew also said that the U.S. is a big target for these types of attacks because there is a lot of Internet infrastructure here.

According to AT&T’s latest Cybersecurity Insights report, in the past year, 73 percent of companies suffered at least one DDoS attack.

The report also said that most cyber attacks today are “known” or common threats, meaning that they are preventable if companies take the right precautions.

Friday’s outage was initially reported early in the day and then many of the sites were hit again later in the morning. Maps at downdetector.com, which tracks downtimes of major websites, indicated that the hardest-hit areas were California, the northeastern United States, and parts of western Europe.