Last Friday, a massive distributed denial of service (DDoS) attack took down a number of hugely popular websites including Twitter, Spotify, and PayPal.
During the DDoS attack, hackers flooded the sites with overwhelming amounts of phony traffic, leaving them unable to serve legitimate requests. Essentially, the perpetrators were able to generate more traffic than the victims could handle, knocking them offline.
In the past, attackers have needed large numbers of compromised computers to generate these phony request volumes. Today, there’s genuinely no need for attackers to go to that much effort when cheap connected devices are a dime a dozen.
Who’s to Blame?
Friday’s DDoS attacks were perpetrated through millions of cheap connected devices, from security cameras to DVRs.
Researchers claim botnets created by the Mirai malware are partially responsible for this outage. Mirai takes advantage of security vulnerabilities found in IoT devices, infecting them and using them to launch massive DDoS attacks. Mirai works by binding IoT devices together into one huge connected network, then uses those devices to deluge websites with phony requests, overloading the sites and knocking them offline.
In fact, Chinese firm Hangzhou Xiongmai Technology has since come out and claimed that security vulnerabilities involving weak default passwords in its products are partly to blame for Friday’s attacks.
Additionally, Mirai is responsible for the DDoS attack against Brian Krebs’ cybersecurity blog, Krebs on Security. The attack delivered nearly 665 Gbps of traffic to Krebs’ site, making it one of the largest recorded DDoS attacks in history.
IoT’s Future is Weary
Friday’s attack affected service providers like Airbnb, Netflix, and AWS, companies that have historically invested loads of time and resources into creating robust security infrastructures. The fact that all of these providers could be knocked offline at the same time is rather remarkable. To attack each of these providers head-on would take an even larger number of devices than were used on Friday. That’s what makes this attack so worrisome: none of these companies were attacked directly.
The attacks targeted Dyn, the DNS service provider. DNS is a shared resource that nearly all companies outsource, meaning someone could cripple internet usage worldwide by targeting a relatively small number of companies. It is similar to a power grid: overloading a couple of key power stations could take down an entire region.
The NNT Perspective
Simply put, Friday’s attack happened because cyber criminals were able to easily identify vulnerable IoT devices: vulnerable because they were all left in their default state, with UPnP ports inviting attack and default usernames and passwords allowing easy access for criminals. Once inside, the device firmware can be replaced with a botnet-infected version; then, when the DDoS attack is invoked, the devices all come to life to hammer the web services.
This is a case of needing to treat the cause, not the symptoms. With NNT, we would ensure, first, that the botnet is not established in the first place, and second, that if malware does become present on an IoT device or traditional computing system, it is detected so it can then be removed.
Defending against DDoS attacks is an extremely difficult task, but there are a few steps you can take to stay ahead of the criminals:
Step 1: Introduce System & Device Hardening
Step 2: Monitoring is Key!
Step 3: Be on the Lookout for Botnets
Step 4: Keep an Eye on Performance Metrics and Scalability
Step 5: Have a Security Awareness Program in Place
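As a concrete illustration of Steps 2 and 3 (monitoring, and looking out for botnet members on your own network), the following script is an added example written for this post; it is not NNT’s software and not part of the original article. It takes connection records from a firewall or flow log and flags internal hosts that behave the way the post describes infected devices behaving: a device fanning out to many strangers on one port (recruiting further devices over default-credential services, assumed here to be telnet on 23/2323) or a device hammering a single destination with connections (taking part in the flood). The log format, the sample traffic, the thresholds and the port list are all assumptions chosen for the example.

```python
"""Flag LAN hosts that behave like botnet members, from firewall connection logs.

Added example for this post, not NNT's code. Assumes a simple constructed log
format: 'timestamp src dst dport proto', one connection per line.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_log(text: str) -> list[Conn]:
    """Parse 'ts src dst dport proto' lines; blank or malformed lines are skipped."""
    conns: list[Conn] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        ts, src, dst, dport, proto = parts
        conns.append(Conn(ts, src, dst, int(dport), proto.lower()))
    return conns


def find_suspects(conns: list[Conn], fanout_threshold: int = 10,
                  flood_threshold: int = 20,
                  scan_ports: tuple[int, ...] = (23, 2323)) -> dict[str, list[str]]:
    """Return {source host: [reasons]} for hosts showing botnet-like behaviour.

    Two heuristics (an assumption about how an infected device looks on the
    wire; tune the thresholds for your network):
      - recruitment scanning: one source touching many distinct destinations on
        the same port, especially telnet (23/2323), the classic default-password
        service on cheap IoT gear
      - flooding: one source opening very many connections to one destination
    """
    dests_by_src_port: dict[tuple[str, int], set[str]] = defaultdict(set)
    hits_by_src_dst: dict[tuple[str, str], int] = defaultdict(int)
    for c in conns:
        dests_by_src_port[(c.src, c.dport)].add(c.dst)
        hits_by_src_dst[(c.src, c.dst)] += 1

    reasons: dict[str, list[str]] = defaultdict(list)
    for (src, port), dests in dests_by_src_port.items():
        if len(dests) >= fanout_threshold:
            kind = "telnet scanning" if port in scan_ports else "port scanning"
            reasons[src].append(f"{kind}: {len(dests)} distinct hosts on port {port}")
    for (src, dst), n in hits_by_src_dst.items():
        if n >= flood_threshold:
            reasons[src].append(f"flooding: {n} connections to {dst}")
    return dict(reasons)


def build_sample_log() -> str:
    """Constructed sample log (not real traffic): one scanning camera, one
    flooding DVR, one ordinary laptop, plus a malformed line."""
    lines = []
    # 10.0.0.23, a camera, probes 30 external addresses on telnet: recruitment scan
    for i in range(30):
        lines.append(f"2016-10-21T12:00:{i:02d} 10.0.0.23 203.0.113.{i + 1} 23 tcp")
    # 10.0.0.40, a DVR, opens 50 connections to one web server: flood participant
    for i in range(50):
        lines.append(f"2016-10-21T12:01:{i % 60:02d} 10.0.0.40 198.51.100.7 80 tcp")
    # 10.0.0.5, a laptop, browses a handful of sites over HTTPS: benign
    for i, host in enumerate(("198.51.100.1", "198.51.100.2", "198.51.100.3")):
        lines.append(f"2016-10-21T12:02:{i:02d} 10.0.0.5 {host} 443 tcp")
    lines.append("garbage line that should be skipped")
    return "\n".join(lines)


if __name__ == "__main__":
    for host, why in sorted(find_suspects(parse_log(build_sample_log())).items()):
        print(host, "->", "; ".join(why))
```

Run against the constructed log, the script reports the camera for telnet scanning and the DVR for flooding while leaving the laptop alone. The thresholds are deliberately low so the example is readable; on a real network you would set them from a baseline of normal traffic and feed the output into whatever alerting you already have.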