The day DDoS attacks broke the internet

October 28, 2016 (4 Minute Read)

All your worst security fears came true when the internet literally broke on October 21, 2016. A distributed denial-of-service (DDoS) attack larger than any DDoS attack in history was launched against the New Hampshire-based DNS provider Dyn. The result? Many popular web services, including Netflix, Amazon, Twitter, Runescape, and more, suffered hours-long outages. We're still waiting for the full details about what exactly went down, but we know a particularly nasty strain of malware, known as Mirai, caused the attack. Instead of taking control over a virtual army of computers, Mirai latched onto unsecured Internet of Things (IoT) devices, such as security cameras, routers, and printers. We can attribute the success of the massive attack to the sheer volume of unprotected connected devices in workplaces, with Dyn reporting the involvement of over 100,000 malicious endpoints. By The Guardian's estimation, it was two times larger than any botnet incident in history.

Who's at fault?

As details of the attack surface, many IT pros and tech enthusiasts wonder if it was political or the direct result of foreign policy. To be clear, it's unknown who caused the attack on Dyn. Flashpoint analysts highlight that the attacks didn't seem political or financially motivated in intent—common characteristics of professional cybercriminals or hacktivist groups. Instead, the attack fits a profile associated with hacker forum users who launch malware for troll cred or sheer thrill. You may also know these less-skilled hackers as "script kiddies." If this theory rings true, it's a sign the nasty Mirai attack may only represent the first of many similar incidents in the months to come. Jeff John Roberts of Fortune writes that the grim truth is, "The compromised devices, which make up the botnet army, are still out there and unpatched, which means other attacks are likely on the way."

DDoS attacks and the state of security

For many IT pros, Mirai isn't entirely surprising. The state of IoT adoption by both businesses and private users has been a source of concern for ages. In early October, security researcher Darren Martyn analyzed Mirai when the code was first published to hacker forums and characterized it as "fairly amateurish." The code is designed to scan for IoT devices with weak or default passwords, and then take control and launch DDoS attacks using specified methodologies, like UDP, DNS, and HTTP floods, and more. Sensor technology isn't new, either, but the volume and manner in which it's networked definitely is. For many businesses and personal users of DVRs, printers, security cameras, and other connected devices, security and privacy take a backseat. If the device is inherently unsecured, or you didn't bother to change your password from "admin," your router can easily become part of an evil IoT army at any time.

Is your printer your biggest risk?

There's little proof of whose products were or were not vulnerable at the time of the attack. While Dyn has been transparent about the details of the attack, there's still no verified list of manufacturers or devices taken over by the Mirai malware. In any case, the biggest risk for IT pros and individuals who use IoT devices is user error. All too often, people install their printers without changing default logins or applying basic security standards. Months ago, security consultant Paul Moore reported on an epidemic of VoIP phones secured with default login credentials. According to his analysis, the concept of relying on defaults "for now" rarely results in a properly secured device down the road, which leads to a gaping attack surface.

Don't be a default attack target

Unless you have deployed software designed to configure the security settings on printers to standard best practices the moment you turn them on, you're responsible for configuring and maintaining IoT security. Open ports and automatically assigned IP addresses mean your technology might transform into a drone during the next high-profile cyber attack. Unfortunately, the next set of hackers may not just aim to troll. Instead, they might want to use your printer as a gateway to stored, sensitive data or the rest of your network for financial gain. All businesses with printers or other IoT devices (in other words, everyone) should emphasize print security, set strong passwords on all devices, and turn off unused ports and protocols, especially if you don't rely on technology with built-in protocols. For virtually every individual with a smartphone or internet connection, an afternoon spent without access to Amazon, Netflix, or Reddit felt like a total disaster. But there are valuable lessons in the sheer size of the recent Mirai malware attack. Without proper built-in security or taking secure configuration steps, your printer and other connected devices could be the next recruit for a botnet army.
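The checklist above (change default logins, set strong passwords, turn off unused ports and protocols) can be run as an audit over a device inventory. This is an added example, not part of the original article; the inventory, the default-login list, the per-device service allowlist and the 12-character threshold are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample of factory logins; a real audit loads the defaults for its own fleet.
DEFAULT_LOGINS = {("admin", "admin"), ("admin", ""), ("root", "root"), ("admin", "password")}
# Hypothetical allowlist: the only services each device type needs in this business.
ALLOWED_SERVICES = {
    "printer": {"ipp/631", "https/443"},
    "camera": {"https/443", "rtsp/554"},
    "router": {"https/443"},
}
MIN_PASSWORD_LEN = 12  # assumed policy threshold

@dataclass
class Device:
    name: str
    kind: str
    username: str
    password: str
    services: set
    internet_facing: bool = False

def audit(device):
    """Return the list of hardening findings for one device."""
    findings = []
    if (device.username.lower(), device.password) in DEFAULT_LOGINS:
        findings.append("default-login")
    elif len(device.password) < MIN_PASSWORD_LEN:
        findings.append("weak-password")
    # Anything enabled that the allowlist does not name is an unused port or protocol.
    extra = device.services - ALLOWED_SERVICES.get(device.kind, set())
    findings += [f"unused-service:{svc}" for svc in sorted(extra)]
    # A finding on a device reachable from the internet is the urgent case.
    if device.internet_facing and findings:
        findings.append("exposed-to-internet")
    return findings

def audit_fleet(devices):
    """Map device name to findings, devices with the most findings first."""
    report = {d.name: audit(d) for d in devices}
    return dict(sorted(report.items(), key=lambda kv: -len(kv[1])))

# Constructed inventory for illustration only.
FLEET = [
    Device("lobby-printer", "printer", "admin", "admin", {"ipp/631", "telnet/23", "ftp/21"}, True),
    Device("dock-camera", "camera", "root", "S7!kd-92Lq#xv", {"https/443", "rtsp/554"}),
    Device("branch-router", "router", "admin", "changeme", {"https/443", "upnp/1900"}),
]

if __name__ == "__main__":
    for name, findings in audit_fleet(FLEET).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```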