It may be old news to most of us, but researchers and experts are still sifting through the data on last week’s staggering distributed denial of service (DDoS) attack.
For those few who haven’t heard, someone launched a massive DDoS attack on a domain name server (DNS) last Friday. This is important because DNS servers are responsible for translating the web addresses we humans use (like www.geek.com) into data that computers and routers and the like can understand.
When a DNS goes down, computers have no idea where to go unless you manually type in the numeric address of the site you need. Since almost none of us have that kind of information logged, it effectively tanks any site that uses that DNS.
DDoS attacks have become increasingly prevalent and far more destructive over the past few years. They work using an array of techniques designed to flood a server with traffic so that it can’t handle all the incoming data and, frequently, shuts down. In the earliest days of the internet, it was possible for just a few computers to bring down a server with a coordinated attack. But as the internet infrastructure has grown, so too has the size of the attack needed to take out any one piece.
A couple of years back the hacking collective Lizard Squad were known to use a system where they’d request data from an internet timekeeping server (essentially one of the computers that helps keep everyone’s clocks running) and then redirect that traffic at a selected target. This could be hugely devastating because time servers are designed to handle hundreds of thousands if not millions of requests at once. And if you asked for enough data from one, it could send that same volume of traffic downstream.
Since then security companies have wised up. Now, many use special software that filters or examines incoming requests and screens them for anything suspicious. If you get a bunch of data coming from one place, you can safely assume it’s an attack and lock out that connection. So hackers have adapted.
In a blog post published by Dyn (the DNS that got hit last week), the company identified the Mirai botnet as the “primary source of malicious attack traffic.” Botnets, or collections of computers infected with specialized viruses, have been used to aid DDoS attacks for some time, but Mirai is different.
Mirai uses hundreds of thousands of digital cameras, DVRs and other “internet of things” (IoT) products. Dyn estimates that they were hit with 1.2 TB/s, making this the largest attack recorded by far. This is particularly troubling because it points to the staggering number of security flaws in IoT devices.
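Why the "lock out the one noisy connection" filtering described above struggles against a botnet spread over many devices, as an added example that is not part of the original article. The addresses, request counts and both limits are constructed for illustration and do not come from Dyn's data.

```python
from collections import Counter

PER_SOURCE_LIMIT = 100   # assumed: requests allowed per source per window
AGGREGATE_LIMIT = 5_000  # assumed: total requests the server can absorb per window


def normal_clients():
    """Constructed sample: 200 ordinary clients, 5 requests each."""
    return [f"198.51.100.{i % 200}" for i in range(1_000)]


def single_source_window():
    """Constructed sample: normal clients plus one host sending 20,000 requests."""
    return normal_clients() + ["203.0.113.7"] * 20_000


def distributed_window():
    """Constructed sample: normal clients plus 2,000 devices sending 10 each."""
    devices = [f"10.{d // 250}.{d % 250}.1" for d in range(2_000)]
    return normal_clients() + [ip for ip in devices for _ in range(10)]


def sources_over_limit(requests, limit=PER_SOURCE_LIMIT):
    """Per-source filter: flag every address that exceeds the limit."""
    return {src for src, n in Counter(requests).items() if n > limit}


def assess(requests):
    """Apply the per-source filter, then check what load is left over."""
    blocked = sources_over_limit(requests)
    remaining = sum(1 for src in requests if src not in blocked)
    return {
        "distinct_sources": len(set(requests)),
        "blocked_sources": len(blocked),
        "remaining_requests": remaining,
        "still_overloaded": remaining > AGGREGATE_LIMIT,
    }


if __name__ == "__main__":
    print("single source:", assess(single_source_window()))
    print("distributed:  ", assess(distributed_window()))
```

In the distributed window no single address crosses the per-source limit, so nothing is blocked even though the total is the same flood; the signals left to a defender are the aggregate volume and the jump in distinct sources.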
Speaking to the Guardian, David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations, said, “We have a serious problem with the cyber insecurity of IoT devices and no real strategy to combat it.”
Fidler adds that this is likely just the beginning.
“The IoT insecurity problem was exploited on this significant scale by a non-state group, according to initial reports from government agencies and other experts about who or what was responsible… Imagine what a well-resourced state actor could do with insecure IoT devices.”
Because a DVR may not show any signs of being infected and there are so many out there, not to mention printers, cameras, etc., infected devices can go much longer without arousing suspicion. And since we have so many of these systems running through homes and workplaces, the scale of these attacks could be truly terrifying.
It’s feasible that within short order we could see attacks large enough to take down internet exchange points, or IXPs, the literal backbones and hubs of virtually all web traffic on Earth. If that happened, then the potential damage could be catastrophic.
Source - geek