September 9, 2019
On Friday morning a number of sites including Twitter, Reddit, CNN, Amazon, Gmail, Twilio, Spotify and a further 1,200-odd domains were left temporarily unavailable to visitors after several waves of major cyber attacks against DNS host Dyn. The wave of distributed denial of service (DDoS) attacks pretty much broke a significant chunk of the Internet on Friday. Hacking is definitely becoming more prevalent in the news, but few people understand exactly what a DDoS attack is or how to avoid falling prey to hackers who love this specific type of cybercrime so much.
Here’s how it works. Basically, Dyn offers Domain Name System (DNS) services. DNS providers operate as a link between the URLs you type into your browser and their corresponding IP addresses – essentially acting as an address book or internet directory. You know the name of the person or website you’re looking for but you don’t know their address or telephone number. In the case of a DDoS attack, millions of people are flicking through the phone book at the same time and in doing so, overloading the system to the point that nobody can find what they’re looking for.
A DDoS attack overwhelms a DNS server with lookup requests, rendering it incapable of resolving any. And that’s what makes DDoS attacks on DNS so effective - rather than targeting individual websites, an attacker can take out multiple websites for any end user whose DNS requests route through the server being attacked. The end result is that a whole bunch of websites appear offline and nobody can access them.
DDoS attacks are a key strategy in a hacker’s arsenal for bringing a website down. Cyber criminals deploy a distributed (spread across multiple computers known as a botnet) and coordinated attack to bring websites down for hours or even days at a time. Essentially the service becomes unviable for users.
In a simple DoS (denial of service) attack, hackers will use a single internet connection to flood a server with connection requests. A DDoS is a distributed attack in which hackers launch the connection requests from multiple connected devices. In order to make this work, hackers will install bots that allow them to control numerous computers or connected devices with unique IP addresses.
These Internet of Things devices include webcams, DVRs, routers etc. and, once infected with malware, they become part of a botnet army used by the hackers to drive malicious traffic toward any target they choose.
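To see why the unique IP addresses matter to a defender, the following added example (not part of the original article) models one second of traffic at a DNS server and compares a per-source rate limit against a single-source DoS and against a distributed flood of the same total volume. The server capacity, the rate limit, the user count and the bot count are all constructed values.

```python
SERVER_CAPACITY = 1_000  # lookups the DNS server can answer per second (constructed)


def legit_answer_rate(legit_users, attack_sources, qps_per_attacker, per_source_limit=None):
    """Fraction of legitimate lookups answered during one second of traffic.

    Model (an assumption of this example): every legitimate user sends one
    lookup, the server answers at most SERVER_CAPACITY lookups, and when it is
    overloaded it drops queries without knowing which ones are legitimate.
    """
    # Queries offered per source IP in this one-second window.
    offered = {f"user-{i}": 1 for i in range(legit_users)}
    offered.update({f"bot-{i}": qps_per_attacker for i in range(attack_sources)})

    # Optional defence: accept at most `per_source_limit` lookups per source IP.
    if per_source_limit is not None:
        offered = {src: min(n, per_source_limit) for src, n in offered.items()}

    total = sum(offered.values())
    if total <= SERVER_CAPACITY:
        return 1.0
    # Overloaded: each query, legitimate or not, has the same chance of an answer.
    return SERVER_CAPACITY / total


def scenarios():
    """Same 100,000 junk lookups per second, sent from one source or from many."""
    return {
        "no attack": legit_answer_rate(500, 0, 0),
        "DoS, no limit": legit_answer_rate(500, 1, 100_000),
        "DoS, 20/s per-source limit": legit_answer_rate(500, 1, 100_000, 20),
        "DDoS, 20/s per-source limit": legit_answer_rate(500, 50_000, 2, 20),
    }


if __name__ == "__main__":
    for name, rate in scenarios().items():
        print(f"{name:30s} {rate:7.2%} of legitimate lookups answered")
```

The per-source limit fully restores service against the single flooding connection, but each bot in the distributed case stays well under the limit, so the server is still overloaded and legitimate users are dropped along with the junk.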
Dyn has determined that a great deal of the junk traffic used in the attacks came from the Mirai botnet, a network of infected Internet of Things devices. The army included between 10% and 20% of the estimated 500,000 IoT devices enslaved in the Mirai botnet, which was also recently used to target the website of independent cybersecurity journalist Brian Krebs in one of the largest DDoS attacks in history. The attack managed to deliver a staggering 665Gbps of traffic to Krebs's website. After the attack, the code used to build the botnet was leaked online, making more massive DDoS attacks an inevitability. Dyn’s Chief Strategy Officer explained just how much of an army there is for hackers to put to work: “There are 3.4 billion internet users globally and 10 to 15 billion IoT devices. It’s a complex world. All we can do is lock arms together and see how we can rectify this,” York said.
The first step to keeping your IoT devices safe is to learn about the security risks of the Internet of Things and how two-factor authentication protects against the biggest online security threats.