It was all over the news. A sustained DDoS attack that caused outages for a large number of Web sites Friday was launched with the help of hacked “Internet of Things” (IoT) devices. Jeff Jarmoc tweeted: "In a relatively short time we've taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters." True words, since there are now specialized worms that infect just IoT devices.
Early Friday morning cyber criminals trained their DDoS attack on Dyn, an Internet infrastructure company that provides critical DNS technology services to major websites. The attack immediately created problems for Internet users of Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.
This outage was similar to the recent 620 Gbps DDoS attack on IT security reporter Brian Krebs' site, caused by the Mirai botnet which consists of hacked IoT devices — mainly compromised digital video recorders and IP cameras made by a Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products. All credentials are hardcoded in the firmware and cannot be changed. This is a very dangerous practice and we need laws against this ASAP.
Someone Is Learning How to Take Down the Internet
Last month, IT security Guru Bruce Schneier caused waves when he wrote that someone, probably a country was learning how to take down the internet:
"Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.
"First, a little background. If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it's overwhelmed. These attacks are not new: hackers do this to sites they don't like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it's a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins."
It's either a large country, or these two other scenarios:
- Someone tried to extort DYN and when they did not cough up the dough,
they decided to show them what they could unleash. - Anonymous and/or other hacktivists decided to flex their virtual muscle
and show netizens they are still a force to be reckoned with. Either way is disconcerting.
Hmmm. What can you do about this?
Well, not much. But don't put any of your own critical command & control infrastructure like managing chemical plants, water treatment or power plants in a position where they require the internet to function.
Also, and this is something all of us can do, set up redundant DNS providers so that when one is under attack you can shut it down and let other DNS services take over.
Know This Secret Of The Net: One Big Buggy Beta
Guys, I have been saying this for years now.
What this all means is that Web security is fundamentally broken.
The bad guys most often use social engineering to get into a target network. New-school security awareness training is a must to create a human firewall which is your first line of defense, on top of all existing security software layers.
Get a demo and see for yourself how you can harness your employees and keep your network safe.