If you are like many Americans, your usual morning coffee and casual internet browsing were interrupted last Friday. A major distributed denial of service (DDoS) attack made a large number of popular websites unreachable, including Amazon, Twitter, Netflix, GitHub, Spotify and more, by targeting their DNS (Domain Name System) provider.
Dyn, one of the largest DNS providers in the world, is a cloud-based Internet Performance Management company that was at the heart of the attack. Its authoritative DNS service translates the name you type into your browser – www.arrow.com, for example – into the numerical IP address that computers use to reach the server holding the content you requested. Rather than attacking each of these websites individually, the attackers only needed to overwhelm Dyn's DNS servers: once those stopped answering queries, every site that depends on them could no longer be resolved and so became inaccessible, even though the sites' own servers were never touched.
The attack against Dyn on Friday was an attack on core internet infrastructure. It not only overwhelmed Dyn's DNS servers and blocked users from reaching popular websites, it also prevented Dyn's customers from accessing their own corporate applications and carrying out critical business operations. Even organizations whose service providers depend on Dyn were affected.
A DDoS attack is, at its core, an organized flood of useless traffic and requests, sent from many sources at once, that drives a server's load so high that it stops responding, temporarily or indefinitely. Useful traffic, such as an attempt to log into Twitter to tweet about the Cubs' NLCS win, can no longer get through. Picture the Black Friday mobs all trying to get through a single storefront door at the same time to snag those early morning super deals. Messy, right? Now imagine that same crowd, except that they aren't even legitimate shoppers: they are an obnoxious crowd pushing through the doorway for the sole purpose of blocking you and other valid shoppers from getting inside. This is what happens to a server in a distributed denial-of-service (DDoS) attack.
While we have yet to learn who was behind the DDoS attack last Friday, a US intelligence official said that it does not appear to be state-sponsored or directed. According to Dyn, the attacks were “well planned and executed, coming from tens of millions of IP addresses at the same time.”
One source of the attack is said to be a coordinated "botnet": an army of privately owned internet-connected devices infected with malicious software and controlled without their owners' knowledge. These include insecure Wi-Fi routers, IP video cameras, printers, appliances and the other internet-connected electronics collectively known as IoT or "internet of things" devices. In fact, earlier this month the source code for an IoT botnet was leaked to the public. That malware, called "Mirai," spreads by continuously scanning the Internet for IoT systems whose telnet login still accepts factory default or hard-coded usernames and passwords. Once it logs in, it loads itself onto the device and makes it report to a central command-and-control server, from which the whole botnet can be directed to launch powerful DDoS attacks such as the one on October 21.
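The scanning behaviour described above is also how an infected device gives itself away on a home network: it opens telnet connections to many different Internet addresses in quick succession. The following is an added example, not code from the original article or from Dyn, showing how a router's outbound firewall log could be checked for that pattern. The log lines are constructed for the example, and the log format, the WAN interface name and the detection thresholds are assumptions.

```python
"""Flag internal hosts that behave like a Mirai scanner in a firewall log.

An infected device scans for other victims on TCP 23 and 2323 (telnet), so an
internal host opening connections to many distinct destinations on those ports
within a short window is the signature looked for here.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}        # ports the Mirai scanner targets
WAN_IF = "eth0"                  # assumption: the router's Internet-facing interface
WINDOW = timedelta(seconds=60)   # assumption: look for bursts inside one minute
THRESHOLD = 5                    # assumption: distinct targets that count as scanning

# Constructed sample in a simplified iptables/syslog-like format (an assumption).
# 192.168.1.37 hits six different telnet targets in five seconds; 192.168.1.50
# talks to one telnet server repeatedly (for example a hobbyist's own box).
SAMPLE_LOG = """\
Oct 21 07:01:02 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 PROTO=TCP SPT=50110 DPT=443
Oct 21 07:01:03 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.37 DST=198.51.100.9 PROTO=TCP SPT=40001 DPT=23
Oct 21 07:01:03 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.37 DST=198.51.100.10 PROTO=TCP SPT=40002 DPT=23
Oct 21 07:01:04 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.37 DST=198.51.100.11 PROTO=TCP SPT=40003 DPT=2323
Oct 21 07:01:04 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.200 PROTO=TCP SPT=52000 DPT=23
Oct 21 07:01:05 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.37 DST=203.0.113.40 PROTO=TCP SPT=40004 DPT=23
Oct 21 07:01:06 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.37 DST=203.0.113.41 PROTO=TCP SPT=40005 DPT=23
Oct 21 07:01:06 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.37 DST=203.0.113.41 PROTO=TCP SPT=40006 DPT=23
Oct 21 07:01:07 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.37 DST=203.0.113.42 PROTO=TCP SPT=40007 DPT=2323
Oct 21 07:02:30 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.200 PROTO=TCP SPT=52001 DPT=23
Oct 21 07:09:00 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.200 PROTO=TCP SPT=52002 DPT=23
Oct 21 07:09:01 gw kernel: FWD IN=eth0 OUT=br0 SRC=198.51.100.201 DST=192.168.1.37 PROTO=TCP SPT=33333 DPT=23
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: FWD "
    r"IN=(?P<inif>\S*) OUT=(?P<outif>\S*) SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
    r"PROTO=(?P<proto>\w+) SPT=\d+ DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Syslog timestamps carry no year; strptime defaults to 1900, fine for deltas.
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")
    rec["dpt"] = int(rec["dpt"])
    return rec


def find_scanners(log_text, window=WINDOW, threshold=THRESHOLD, wan_if=WAN_IF):
    """Return {src: max distinct telnet destinations seen in any `window`} for
    internal hosts that reached `threshold`; other hosts are left out."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and rec["proto"] == "TCP" and rec["outif"] == wan_if
                and rec["dpt"] in TELNET_PORTS):
            events[rec["src"]].append((rec["ts"], rec["dst"]))

    flagged = {}
    for src, evs in events.items():
        evs.sort()                      # sliding window needs time order
        recent = deque()
        best = 0
        for ts, dst in evs:
            recent.append((ts, dst))
            while ts - recent[0][0] > window:
                recent.popleft()        # drop events older than the window
            best = max(best, len({d for _, d in recent}))
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {n} distinct telnet targets within {WINDOW} - likely infected, reboot and harden it")
```

On the sample above only 192.168.1.37 is reported; the host that keeps reconnecting to a single telnet server is not, because it never fans out to new destinations. The inbound line at the end (IN=eth0) is the Internet scanning you, which every exposed device sees constantly, so it is deliberately not counted.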
While some responsibility lies with the manufacturers of IoT devices, and arguably with other parties as well, what can you do as a user to keep your own devices from being enlisted in the botnet army? An infected IoT device can usually be cleaned by a simple reboot, because the malicious code lives only in memory, but the constant scanning for exposed devices means it can be re-infected within minutes of coming back up. Your best bet is prevention: always do the following for your router and any IoT gadgets you own:
- Change the default password that the manufacturer set on your new IoT device. Default credentials are printed in manuals and shared across whole product lines, so an attacker does not have to guess them at all; Mirai simply tries a short list of known defaults. Always replace the default login with a strong, unique password, and disable telnet and any other remote-management service you do not need rather than leaving it reachable from the Internet. If a device has a hard-coded password that cannot be changed, keep it off the Internet entirely.
- Always keep your software and firmware up to date so your device is not needlessly susceptible to malware. Most updates fix either user-interface bugs or security flaws. Running an old version leaves publicly known holes in place, and publicly known holes are exactly what malware authors target first. Check whether the manufacturer still ships updates at all; many IoT devices never receive any, and a device whose vendor has stopped patching it should be treated as permanently exposed.
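The two steps above, plus the exposure that makes them matter, can be turned into a quick self-audit. The following is an added example, not code from the original article or from any device vendor: it takes a hand-written record of a device (the record format, the field names and the "latest firmware" values are assumptions; in practice you would read them off the device's admin page and the vendor's download page) and reports what the steps above would have you fix. The credential pairs are a small sample of the roughly sixty username/password pairs in the leaked Mirai source.

```python
"""Audit a home router or IoT device record for the weaknesses Mirai exploits."""
from dataclasses import dataclass, field

# A sample of the default credentials the leaked Mirai scanner tries.
MIRAI_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "default"), ("root", "123456"), ("root", "54321"),
    ("support", "support"), ("root", ""), ("admin", "password"), ("root", "root"),
    ("root", "12345"), ("user", "user"), ("admin", ""), ("ubnt", "ubnt"),
    ("guest", "guest"), ("admin", "1234"),
}

# Services that should never be reachable from the WAN side on a consumer device.
MANAGEMENT_SERVICES = {"telnet", "ssh", "http", "https"}


@dataclass
class Device:
    name: str
    username: str
    password: str
    firmware: str                      # assumption: dotted numeric version, e.g. "1.9.2"
    latest_firmware: str               # assumption: taken from the vendor's download page
    services_open_to_wan: set = field(default_factory=set)   # e.g. {"telnet"}


def _version(text):
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def audit(dev):
    """Return a list of human-readable findings; an empty list means nothing to fix."""
    findings = []

    # Step 1: default or weak credentials.
    if (dev.username, dev.password) in MIRAI_DEFAULTS:
        findings.append("credentials are in the Mirai default-credential dictionary")
    elif (dev.password == "" or dev.password.lower() == dev.username.lower()
          or len(dev.password) < 12):
        findings.append("password is weak (empty, equals the username, or shorter than 12 characters)")

    # Step 2: firmware behind the vendor's latest release.
    if _version(dev.firmware) < _version(dev.latest_firmware):
        findings.append(f"firmware {dev.firmware} is behind the latest {dev.latest_firmware}")

    # The exposure that lets a scanner reach the login prompt in the first place.
    exposed = dev.services_open_to_wan & MANAGEMENT_SERVICES
    if exposed:
        findings.append("management services reachable from the Internet: " + ", ".join(sorted(exposed)))

    return findings


if __name__ == "__main__":
    # Constructed devices for the example.
    inventory = [
        Device("hallway camera", "root", "xc3511", "1.0.3", "1.0.3", {"telnet"}),
        Device("living-room DVR", "admin", "long-enough-passphrase", "1.9.2", "1.10.0"),
        Device("router", "admin", "correct-horse-battery-9!", "2.4.1", "2.4.1"),
    ]
    for dev in inventory:
        problems = audit(dev)
        print(f"{dev.name}: " + ("; ".join(problems) if problems else "no findings"))
```

A device with a default password and telnet forwarded to the Internet is exactly the profile Mirai recruits, and it will keep being recruited after every reboot until both are fixed. The version comparison parses the numbers so that 1.10.0 is correctly seen as newer than 1.9.2, which a plain string comparison gets wrong.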
Gartner Inc. projects that by the end of 2016 there will be 6.4 billion internet-connected devices in use globally, and estimates that roughly 5.5 million new IoT devices are connected every day. With the number of IoT devices going online growing that fast, Friday's large-scale DDoS attack is just the beginning of what we can expect to see. No single user can prevent the next attack, but by changing your default passwords and keeping your firmware up to date, you can stop your personal IoT devices from being easy recruits for it.

