First, there was nothing -- nothing -- surprising about this attack. As Paul Mockapetris, creator of the Domain Name System (DNS), said, "The successful DDoS attack on DYN is merely a new twist on age-old warfare. ... Classic warfare can be anticipated and defended against. But warfare on the internet, just like in history, has changed. So let's take a look at the asymmetrical battle in terms of the good guys (DYN) and the bad guys (Mirai botnets), and realize and plan for more of these sorts of attacks."
This new twist came from the Internet of Things (IoT). Surprised? Please. We knew all along that not only could the IoT be used to attack networks, it would be used to target the internet.
IoT vendors must improve their security. Or, as Lyndon Nerenberg, an internet engineer, said on the North American Network Operators Group (NANOG), the professional association for internet engineering, architecture, and operations, mailing list, "The way this will get solved is for a couple of large ISPs and DDoS targets to sue a few of these IoT device manufacturers into oblivion."