What’s most interesting to me about the massive distributed denial-of-service (DDoS) cyberattack last Friday isn’t that seemingly benign devices such as webcams, surveillance cameras and digital recorders were used as an army of malicious botnets, but that the sheer magnitude of the attack exposed the Internet’s vulnerabilities.
Apparently, hundreds of thousands—and possibly millions—of Internet-connected devices had previously been infected with malicious control software named Mirai. That code “guessed” at factory-preset passwords, which often are “admin” or “1234”, and turned the devices into an army of robots. Last Friday, each one was commanded, at a coordinated time, to bombard a small company called Dyn DNS with messages that overloaded its circuits.
Making matters worse, the attacks came in waves. Dyn said it had resolved one morning attack, which disrupted operations for about two hours. Then there was a second attack a few hours later that caused. By Friday evening, there was a third attack.
Dyn, an Internet middleman company, directs Internet traffic so when people type a URL into a web browser, they are directed to the correct site. Dyn spokespeople now say tens of millions of IP addresses were used, and there was so much resulting junk traffic, it froze the company’s equipment. The consequence was that the attack took down popular websites such as Twitter, Spotify, Netflix, Reddit, Airbnb, the Financial Times and The New York Times’ news feed.
“The sheer volume and consistency of these attacks was unprecedented,” said Dyn’s chief security officer Kyle York. “We run 18 data centers globally and it was hitting all of them at different and unique times. It was a very sophisticated attack involving tens of millions of IP addresses and the complexity of the attacks is what’s making it very challenging for us.”
Software IT company Dynatrace monitors more than 150 websites, and it found that 77 websites were affected by the cyberattack, CNN Money reports. The disruption may have cost companies up to $110 million in revenue and sales, according to CEO John van Siclen.
The attackers took advantage of traffic-routing services such as those offered by Alphabet Inc’s Google and Cisco Systems Inc’s OpenDNS to make it difficult for Dyn to root out bad traffic without also interfering with legitimate inquiries, Reuters reports.
“Dyn couldn’t simply block the IP addresses they were seeing, because that would be blocking Google or OpenDNS,” Matthew Prince, CEO of security and content delivery firm CloudFlare, told Reuters. “These are nasty attacks, some of the hardest to protect against.”
The U.S. Department of Homeland Security and the Federal Bureau of Investigation have announced they are investigating the attacks, as is the U.K.’s Home Office. The Department of Homeland Security announced it held a conference call with 18 major communication service providers shortly after the attack began, and is working to develop a new set of “strategic principles” for securing Internet-connected devices.
Much of the fallout remains to be seen; however, Linux Systems analyst Hayden James says the impact of the cyberattack on businesses can be significant. “Even though it’s not a physical bomb, it has some similar effects,” James told CNNMoney, citing the loss in business and advertising revenue. He believes this is the worst DDoS attack in recent memory, but future attacks could last longer and cripple the U.S., such as one that impacts trains or the stock market.
“There’s a strong possibility of far more sophisticated attacks that could shut down the entire Internet for everyone for hours, if not an entire day,” James says.
What are your thoughts on the cyberattack on Dyn? Do you now think differently about the Internet of Things and its inherent lack of cybersecurity? What would the impact be on your supply chain if the Internet were down for a full day?