Last Friday, a massive distributed denial of service (DDoS) attack took down a number of vastly popular websites including Twitter, Spotify, and PayPal.

During the DDoS attack, hackers flooded the sites with overwhelming amounts of phony traffic, rendering their services unusable to serve authentic requests. Essentially, the perpetrators were able to generate more traffic than the victim could handle, knocking the victims offline.

In the past, attackers have used large numbers of computers to generate these large phony request volumes. But today, there’s genuinely no need for attackers to use that much effort when cheap connected devices are a dime a dozen.

Who’s to Blame?

From connected security cameras to DVRs, Friday’s DDoS attacks were perpetrated by millions of cheap connected devices.

Researchers claim Botnets created by the Mirai malware are partially responsible for this outage. Mirai has been taking advantages of security vulnerabilities found in IoT devices by infecting the device and using them to launch massive DDoS attack. Mirai works by binding IoT devices to form one huge connected network, then uses those devices to deluge websites with phony requests, overloading the sites and knocking them offline.

In fact, Chinese firm Hangzhou Xiongmai Technology has since come out and claimed that security vulnerabilities involving weak default passwords in its products are partly to blame for Friday’s attacks.

Additionally, Mirai is responsible for the DDoS attack against Brian Krebs’ cybersecurity blog, Krebs on Security. The attack delivered nearly 665 Gbps of traffic to Kreb’s site, making it one of the largest recorded DDoS attacks in history.

IoT’s Future is Weary

Friday’s attack affected service providers like Airbnb, Netflix, and AWS, companies who have historically been investing loads of time and resources into created robust security infrastructures. The fact that all of these providers were able to get knocked off at the same time is rather remarkable. To attack each of these providers' head on would take an even larger number of devices than were used on Friday. That’s what makes this attack so worrisome: none of these companies were attacked directly.

The attacks targeted Dyn, the DNS service provider. DNS is a shared resource that nearly all companies outsource, meaning someone could cripple the internet usage worldwide by targeting a relatively small number of companies.  Similar to a power grid: overloading a couple key power stations could take down an entire region.

The NNT Perspective

Simply put, the attack Friday happened because cyber criminals were able to easily identify vulnerable IoT devices- vulnerable because they were all left in their default state with UPnP ports inviting attack and default usernames and passwords allowing easy access for criminals. At this stage, the device firmware can be replaced with botnet infected versions, then when the DDoS attack is invoked, the devices all come to life to hammer the web services.

In this particular case, this is an instance of needing to treat the cause, not the symptoms. With NNT, we would ensure that the Botnet is not established in the first place, and secondly, if malware does become present on an IoT device or traditional computing system, it’s detected so it can then be removed.

Defending against DDoS attacks is an extremely difficult task, but there are a few steps you can take to stay ahead of the criminals:


Step 1: Introduce System & Device Hardening

Step 2: Monitoring is Key!

Step 3: Be on the Lookout for Botnets

Step 4: Keep an Eye on Performance Metrics and Scalability

Step 5: Have a Security Awareness Program in Place


Click here to read about the DDoS Learning Curve: How to Better Protect Yourself


Read this article on Computer World

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.