The Day the Internet Died
Twitter, Spotify, Reddit, PSN and a whole load of other internet services and websites were down or left partially working on Friday. This happened when hackers launched an extremely large Distributed Denial of Service (DDoS) attack on Dyn DNS Servers. Dyn is a major host of internet DNS servers. It looks like Dyn was hit with up to 4 attacks lasting most of Friday.
We have seen more and more increasing DDoS attacks in the past 6 months, some seem to be testing the limits of the core infrastructure of the internet and it would seem that it isn’t beyond the realms of possibility that there will be an even larger attack against multiple DNS server providers that will bring the entire internet down.
What is a DDoS Attack
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
How has the DDoS Attack Evolved
Attackers build networks of infected devices (botnets), by spreading malicious software and recruiting vulnerable systems. Once infected, these systems can be controlled remotely, without their owners’ knowledge, and used like an army to launch an attack simultaneously against any target. Some botnets are over millions of devices strong.
With the rise of IoT (Internet of Things) there is an ever increasing recruitment of vulnerable devices and foot soldiers to wage DDoS attacks on the core infrastructure of the internet. Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come online and attackers find additional ways to exploit them.
What Comprises the Internet of Things (IoT)
The internet of things is the inter-networking of physical devices, vehicles and buildings that enable the devices to collect and exchange data. IoT devices can range vastly from smart metering devices to IP cameras, Children’s Toys to Medical Equipment, basically anything that transmits or is able to transmit data to and from the internet.
A lot of these devices are vulnerable out of the box so they don’t even have to be infected to become compromised. All they need to do is be scanned and accessed and they can be recruited into an IoT Botnet.
So the next time you get a camera, a smart meter or any other device that connects to the internet ask yourself is it secure? And do I really need this?