A massive Distributed Denial of Service (DDoS) cyber attack last Friday essentially broke portions of the internet, bringing down many high-profile company websites such as Twitter, Amazon and PayPal, to name a few. The attack prevented millions of customers from accessing these websites for goods and services for a period of time.
Dyn Inc., one of the largest DNS service providers in the world, was the victim of a large-scale DDoS cyber attack last week. A DDoS attack is a cyber attack designed to take an online service offline by submitting extremely large numbers of invalid requests to it, so that valid requests aren't able to reach the service.
Although DDoS is a common type of cyber attack, this one had a different characteristic. According to a Dyn company statement, at approximately 7 a.m. EST Friday, Dyn began experiencing a sophisticated, highly distributed attack involving tens of millions of IP addresses. It took about 2 hours to mitigate the attack, which was isolated to the East Coast of the U.S., but several hours later a second attack began, which was more global in nature and lasted only a short time. Reports of a third attack were verified by Dyn, but the company was able to mitigate it without reported customer impact.
How Did it Happen?
Flashpoint, a security intelligence firm, was able to confirm that some portions of the attacks involved Mirai malware. Mirai targets Internet of Things (IoT) devices such as DVRs, cameras, routers or any other type of device that can be controlled remotely. Compromised IoT devices are then bundled into botnets to perform DDoS attacks against internet services.
If you have an IoT device, you should always set a strong password to help prevent compromise and increase security. However, device passwords oftentimes cannot be modified, because manufacturers often ignore security, which leads to large-scale compromise.
Why Did This Happen?
Typically, a DDoS cyber attack occurs when one party wants to bring down a service for revenge, blackmail, activism or ransom. It's difficult to tell, and we will most likely never know, the motivation behind the attack on Dyn. Some experts predict that this is only the beginning of these types of sophisticated DDoS cyber attacks on the internet using IoT devices.
Can These Types of DDoS Cyber Attacks be Prevented?
Distributed Denial of Service cyber attacks can be prevented. However, companies must take carefully planned mitigation steps. Outlined below are several actions that leaders must take.
- Put DDoS network component monitoring and blocking in place (either on-premises or as a service)
- Activate proper threshold alerting
- Implement automated re-routing capabilities for internet-facing components
- Have a backup DNS service provider in the event of a sustained catastrophic event
- Staff the network command center with experienced professionals
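For the backup DNS provider item above, a check like the following flags zones whose nameservers all belong to one provider. It is an added example, not part of the original article; the zone names, nameserver hostnames and the short suffix list are constructed assumptions.

```python
# Added example: flag zones whose NS set depends on a single DNS provider.
# All zone names and nameserver hostnames below are constructed sample data.

# Simplifying assumption: a provider is identified by the registrable domain of
# the nameserver hostname. A real audit should use the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def provider_of(ns_host: str) -> str:
    """Return the provider key (approximate registrable domain) of an NS host."""
    labels = ns_host.strip().rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def audit_zone(zone: str, ns_hosts: list[str]) -> dict:
    """Group a zone's nameservers by provider and report single-provider risk."""
    zone_key = zone.rstrip(".").lower()
    providers: dict[str, list[str]] = {}
    for host in ns_hosts:
        providers.setdefault(provider_of(host), []).append(host)
    # In-zone ("vanity") nameservers hide the real operator; flag for manual review.
    vanity = [h for h in ns_hosts
              if h.rstrip(".").lower().endswith("." + zone_key)]
    return {
        "zone": zone_key,
        "providers": sorted(providers),
        "single_provider": len(providers) < 2,
        "needs_manual_review": bool(vanity),
    }


SAMPLE_DELEGATIONS = {  # constructed
    "shop.example.": ["ns1.dns-a.example.", "ns2.dns-a.example.",
                      "NS3.dns-a.example.", "ns4.dns-a.example."],
    "bank.example.": ["ns1.dns-a.example.", "ns2.dns-a.example.",
                      "pdns1.dns-b.example.", "pdns2.dns-b.example."],
    "news.example.": ["ns1.news.example.", "ns2.news.example."],
}


def audit_all(delegations: dict) -> list[dict]:
    """Audit every zone in a mapping of zone name to NS hostnames."""
    return [audit_zone(z, ns) for z, ns in delegations.items()]


if __name__ == "__main__":
    for result in audit_all(SAMPLE_DELEGATIONS):
        status = "SINGLE PROVIDER" if result["single_provider"] else "redundant"
        print(f'{result["zone"]}: {status} {result["providers"]}')
```

In practice the NS hostnames would come from a DNS lookup of each zone's delegation; zones marked for manual review use in-zone nameserver names, so the operator has to be identified another way.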
There are many things that companies and individuals can re-learn from the DDoS cyber attack on Dyn. As the Internet continues to be critical to our daily lives, IoT devices must be developed and deployed with security in mind, right along with features and ease of use. In addition, companies must have automated preventative measures in place to mitigate these types of attacks. I've written about the importance of a firm's security culture in the past, but now more than ever, security must absolutely be taken seriously at the top level of every company, whether large or small.