The highly successful Distributed Denial of Service (DDoS) attack by the Mirai botnet on October 21, 2016 impacted a number of highly popular websites on both coasts of the United States. The attack was aimed at Dyn, a Domain Name System (DNS) provider in New Hampshire. Dyn is responsible for maintaining a part of the Internet that functions more or less like a ‘switchboard’; resolving domain-name requests is a key, vulnerable choke point, as the consequences of the attack proved.
The attack was executed by a botnet called Mirai, a collection of ‘captive’ devices such as webcams and baby monitors. Traffic generated by the botnet, arriving from tens of millions of IP addresses, overloaded Dyn's systems and resulted in the massive outage.
The attack was quite sophisticated and looked at first like it had been orchestrated by a nation state, or at least supported by one. Later on, Internet security organizations declared that the attackers were most likely members of “hackforums[.]net”, an English-language hacking forum community.
The attackers were apparently able to take advantage, with little effort, of the fact that the burgeoning Internet of Things (IoT), like most things associated with the Internet, was not designed with any kind of serious security in mind. Devices of all types are cropping up on the Internet, providing lucrative targets for attackers to exploit. Manufacturers simply did not believe that a single webcam is a tempting enough target for hackers to spend time on. They were painfully wrong. Many of these devices are built with security holes that the user cannot correct. Some manufacturers recognize the problem and are doing something about it. For example, one Chinese manufacturer of webcams, XiongMai, is going so far as to recall its products so it can ‘fix’ the security hole exploited by the attackers.
What can you do about it?
- If you are an organization, you should include security requirements in all IoT devices you intend to connect to your network.
- If you are an individual, disconnect or turn off/unplug any such device when not in use.
- If your cyber security infrastructure has the capability – via firewalls or other technology – to monitor outbound traffic, do so and ensure that major irregularities are dealt with quickly so that your devices are not unwittingly part of a botnet.
- If continuity of business is crucial for your organization, create and maintain the capability to function without the Internet if possible and/or have alternative means or locations to keep the key functions of your organizations going.
- Make sure employee awareness programs include training on how to recognize anomalies and where/how to report them.
- Have regular exercises that deny Internet resources to employees as a means to test workarounds.
- Monitor significant cyber events around the globe in order to have situational awareness of issues in other geographic areas.
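The outbound-monitoring recommendation above can be turned into a concrete check. The following is an added example, not code from the original post or from TAL Global: it reads constructed firewall flow records (a hypothetical "minute src dst port packets" format) and flags any LAN host whose outbound DNS traffic to external resolvers in one minute exceeds a threshold, the kind of irregularity a conscripted webcam produces. The LAN prefix, the threshold and the sample records are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed LAN range; DNS to the local resolver inside it is not of interest here.
LAN = ip_network("192.168.0.0/16")

# Constructed sample of outbound flow records, one per line:
# "<epoch-minute> <src-ip> <dst-ip> <dst-port> <packets>".
# 192.168.1.10 is a normal workstation; 192.168.1.20 is a webcam that starts
# flooding external DNS servers from minute 1001 onward.
SAMPLE_FLOWS = """\
1000 192.168.1.10 192.168.1.1 53 40
1000 192.168.1.10 8.8.8.8 53 4
1000 192.168.1.20 8.8.8.8 53 3
1000 192.168.1.20 203.0.113.5 443 12
1001 192.168.1.10 8.8.8.8 53 5
1001 192.168.1.20 198.51.100.9 53 2100
1001 192.168.1.20 198.51.100.10 53 1900
1001 192.168.1.20 198.51.100.11 53 2050
1002 192.168.1.20 198.51.100.12 53 2300
"""


@dataclass(frozen=True)
class Alert:
    minute: int
    src: str
    dns_packets: int
    distinct_dsts: int


def parse_flows(text):
    """Yield (minute, src, dst, port, packets) tuples from the flow export."""
    for line in text.splitlines():
        if line.strip():
            minute, src, dst, port, pkts = line.split()
            yield int(minute), src, dst, int(port), int(pkts)


def find_dns_flood_sources(text, packet_threshold=1000):
    """Return one Alert per (minute, host) whose outbound DNS packets to
    non-LAN destinations reach packet_threshold. The threshold is illustrative;
    in practice derive it from each device's own observed baseline."""
    per_bucket = defaultdict(lambda: [0, set()])
    for minute, src, dst, port, pkts in parse_flows(text):
        if port != 53 or ip_address(dst) in LAN:
            continue  # only DNS leaving the network is counted
        per_bucket[(minute, src)][0] += pkts
        per_bucket[(minute, src)][1].add(dst)
    return [Alert(m, s, p, len(d)) for (m, s), (p, d) in sorted(per_bucket.items())
            if p >= packet_threshold]


if __name__ == "__main__":
    for alert in find_dns_flood_sources(SAMPLE_FLOWS):
        print(alert)
```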
TAL Global is a full-scope security firm working with clients in the cyber and physical worlds to minimize risks and optimize security – around town, and around the world. We welcome your questions and will be happy to learn your organization’s special needs.