If you’ve not heard of the DDOS attack on Friday 21st of October, where have you been? Netflix, Twitter, Spotify, Reddit, SoundCloud and other major sites went down because of it, some for several hours. It turns out that all of them had a common service provider — Dyn — which plays a critical role in their services working properly on a 24/7 basis.
Dyn’s service disruption was yet another demonstration of how attacks on various critical points on the Internet can impact millions of users, and how vulnerable those points may
currently be. In this case, DNS (the “domain name system”) isn’t something that most users think about, but the entire internet depends on it.
Question: How could an attack create this much traffic to be capable of taking down a good portion of the internet?
Answer: Vulnerable IOT devices.
The Internet Of Things devices such as your smart security camera, fridge or coffee pot may be a culprit in this massive DDOS attack.
How was it done?: Mirai, a trojan, who’s source code was published online. It’s main task was to deploy a botnet in IOT devices that had default credentials. These devices would then be controlled as a type of soldier. The more devices cracked, the bigger the army. The bigger the army, the bigger the attack.
Dyn confirmed that the attacks came from tens of millions of IP addresses and utilized the Mirai botnets. On Monday, Chinese electronics firm Hangzhou Xiongmai Technology announced that it would recall its webcam products, which were specifically targeted by Mirai.
The answer to this type of attack is complicated. Manufacturers are increasingly trying to sell to consumers at a lower price, thus increasing their chance of risk to attack with cheap hardware or software.
The best defence for all users is the ability of IOT providers to stay ahead of attackers and invest in constantly improving technology and infrastructure and to make users change default passwords easily. Better DDoS defenses will allow websites and applications to withstand the storm of the inevitable DDoS attacks that all major sites eventually get hit with.
If we don’t, the internet may be taken down. Think about that…..
QuBits 25th October 2016
Linux Security Blog 