DDoS Attack Raises Security Concerns
On the morning of October 21st, a number of companies on the East Coast and parts of Europe fell victim to a compromising cyber attack. Called a Distributed Denial of Service (DDoS), The Guardian reported that the attack was the largest of its kind ever recorded. While all the sites affected were back up and running within reasonable time, the historical attack brings to attention compromised security on both business and consumer levels.
Major sites such as Twitter, Netflix, Airbnb, and Spotify were among the over eighty sites affected in the three waves that made up the attack. Each of the sites affected were hosted on the servers of Dyn, a company that manages a widely used domain name service (DNS) infrastructure. While to the average consumer an attack like this may mean not being able to stream the next episode of How to Get Away with Murder, a distributed denial of service pose a larger security threat to companies.
Imagine the night of November 30th, when every senior seems to be submitting their UC application at the last minute and the website inevitably crashes. A DDoS attack is similar in the sense that multiple packets of information and requests overload a server, rendering it slow or unresponsive. DDoS, however, basically involves a source harnessing a network of private computers, called a botnet, to overload a server with requests and thus denying requests from actual customers from getting through.
“When we didn’t have the internet for two days, it paralyzed the school district,” Ms. Hardy, computer science and math teacher at Wilcox, recalls. “Take that to a larger situation— it paralyzed the entire eastern seaboard and parts of England; that was very, very difficult. One reason I teach computer science is because the biggest growth in jobs, especially in that industry, is in cyber security and how to handle big data.” Not to mention, every minute offline for big business is millions of dollars lost in revenue.
Immediately after the attack, Dyn put to work trying to identify the instigator and motive of the attack alongside the Department of Homeland Security. The source of the malicious attacks was confirmed as the Mirai botnet.
What was unique about this situation, however, was that unlike regular botnets, which consist of a network of computers, the Mirai botnet is made up of Internet of Things (IoT) devices. These devices are essentially any smart devices, including anything from smart home systems to vehicles. As reported by The Guardian, the attacks on October 21st were done by means of unprotected and hijacked DVR’s and digital cameras. Many of the IoT devices part of the Mirai botnet contained parts manufactured by Hangzhou Xiongmai, a Chinese tech firm, which immediately recalled the circuit boards used in the digital cameras part of the attack. Xiongmai advised customers to change their default passwords or even disconnect their devices from the internet, according to Computerworld. As of October 26th, Dyn identified over 100,000 endpoints as part of the botnet.
According to Kevin Beaumont via Medium, the Mirai toolkit was also just released to the hacker community as an open source; this means that anyone can download the toolkit and join the team.
The attacks in October raise concerns about stiffening security surrounding IoT devices. Going forward, more and more devices will inevitably transition to Wi-Fi capability and “smart” functions. As reported by Computerworld, vulnerable IoT devices especially include those that are still set to weak default usernames and passwords. While we may not think twice about our Wi-Fi enabled thermostat serving any purpose aside from allowing us to adjust the temperature in the room, it could very well be vulnerable to malware such as Mirai.
“Most attackers are targeting businesses using forms of attacks we already know about and can help defend against,” Mo Katibeh, senior vice president of Advanced Solutions at AT&T, argues. However, “In today’s digital age, businesses need to remain vigilant about deploying and updating core security protections, and in educating employees on how their actions might impact the company’s security.”
Although this attack was successfully mitigated (despite the time customers were left without connection), this attack poses a larger problem to DNS servers as well as companies that are hosted on them. Scott Hilton, Executive Vice President of Products at Dyn, broke down the situation in a blog post on the site. He stated, “Not only has it [the attack] highlighted vulnerabilities in the security of ‘Internet of Things’ (IOT) devices that need to be addressed, but it has also sparked further dialogue in the internet infrastructure community about the future of the internet.”