On Friday, October 21, a massive cyberattack affected many users of popular websites like Twitter, Netflix, Etsy, Spotify and Airbnb, among others. Dyn, a company that manages website domains and routes internet traffic, experienced two distributed denial of service (DDoS) attacks on its DNS servers, beginning at 7am on Friday. A DDoS attack is an attempt to flood a website with so much traffic that it collapses under the load. Think the volume of a fire hydrant rushing through a garden hose.
The attack appears to have relied on hundreds of thousands of internet-connected devices like cameras, baby monitors and home routers that have been infected — without their owners’ knowledge — with the Mirai botnet malware that allows hackers to command them to flood a target with overwhelming traffic. Source code for the malware leaked online last month, allowing relatively unskilled cybercriminals to use PVRs, routers and more as a platform to launch denial of service attacks. A Chinese firm announced on Monday that its products played a role in the attack due to weak default passwords.
The massive outage drew the attention of the FBI which said Friday that it was “investigating all potential causes” of the attack. Dyn said the attack started at 7 a.m., and was resolved later Friday morning. But issues continued, and by Friday afternoon, Dyn said it was investigating a third attack.
Initially, outages were primarily impacting those on the East Coast, but by midday Friday, people in Europe were reporting outages as well. Typically DDoS attacks are targeted at individual sites. DNS is like a phone book: this is like someone is attacking the phone company and burning all the phone books at the same time. .A government official said the U.S. is “looking at all possible scenarios including possible cyber activity.”
Hacktivist group New World Hacktivists has claimed responsibility for the attack. A senior government official told CNN that the DDoS attacks “mainly have resulted only in the slowing down of internet access to various websites on the East Coast.” The official believes these attacks were very crude attempts.
Security researchers have long warned that the increasing number of devices being hooked up to the internet, the so-called Internet of Things, would present an enormous security issue. And the assault on Friday, security researchers say, is only a glimpse of how those devices can be used for online attacks.
As cyberextortionist grow in numbers and sophistication, the cyber security industry will continue to develop multi-layer, complementary technologies to protect business assets. The most effective technologies complement existing technology, feathering in with current firewalls, anti-malware and endpoint protection. Additionally, complete DDoS protection is built around four key themes:
- Mitigate, don’t just detect
- Accurately distinguish good traffic from bad traffic to preserve business continuity
- Include performance and architecture to deploy upstream to protect all points of vulnerability
- Maintain reliable and cost-efficient scalability.
DDoS attacks will continue to grow in scale and severity thanks to increasingly powerful (and readily available) attack tools, the multiple points of vulnerability of the Internet, and business’ increasing dependence on the Internet. As the cost of these attacks rise, providers, enterprises, and governments must respond to protect their investments, revenue, and services.
What is required is a new type of solution that complements existing security solutions such as firewalls and IDSs by not only detecting the most sophisticated DDoS attacks, but also delivering the ability to block increasingly complex and difficult-to-detect attack traffic without impacting legitimate business transactions. Such an approach demands more granular inspection and analysis of attack traffic than today’s solutions can provide.