Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Lessons learned from the DYN attack

Evan Bundschuh, Commercial Lines Manager, GB&A | Oct. 27, 2016
The large scale DDoS attack on DYN last week interrupted access to many major web sites, and while the specifics of the attack have been widely analyzed, here are the important lessons learned:

Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Executive Networks Media editors.

The large scale DDoS attack on DYN last week interrupted access to many major web sites, and while the specifics of the attack have been widely analyzed, here are the important lessons learned:

* DDoS attacks are alive and well: A few years ago DDoS attacks were hot news, but reports died down as the focus shifted to news about social engineering attacks, large scale data breachs and insider trading schemes. DDoS attacks seemed like yesterday’s risk but they are very much alive and well.  In fact, they are back and stronger than ever.

Consider that the average size DDoS attack used to hover around 5Gbps. In the past month alone, aside from the attack on DYN, there have been two attacks over 500Gbps. An attack on hosting provider OVH was estimated at 1Tbps, while another against Krebs On Security was estimated at 620Gbps.

This attack also demonstrates the tools available to bad actors. The Mirai source code, which appears to have been used in the DNY attack, is actually publicly available and fairly easy to obtain.

* The IOT bots are against us! We’ve all seen the movies where the robots turn against us. In the movies they are out to kill us, but this hack demonstrated they can, at the very least, be corrupted to kill our Internet. The DYN attack weaponized IOT devices such as cameras and routers with weak passwords. The general population, it turns out, fails to view IOT devices as “connected computers” and never considers changing the default credentials of their connected devices, making the devices vulnerable.

We as purchasers, need to start viewing these devices as computers themselves, both for our own protection and the protection of the Internet. In fact, this attack may serve as the trigger for new standard setting and government imposed regulation regarding required security measures for IOT devices.

* Infrastructure may be more vulnerable than we assumed. While there has been a lot of security research surrounding the protection of our government’s infrastructure, the infrastructure of the internet itself has flown relatively under the radar. The recent attacks against hosting provider OVH and DYN, demonstrate where the hackers are looking, and prove just how efficient attacks against such companies can be. As a result, security experts may need to take a wider view when addressing the security of our infrastructure.

* Lost income is a real possibility. As was just demonstrated, sophisticated hacks can cripple the internet. Luckily in this case it was for a relatively short period of time.  But large organizations stand to lose hundreds of thousands in lost income for an interruption lasting just a few hours.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.