Key Takeaways From Dyn's DDoS Attack

DDoS Attack Takeaways 

If you tried to access some of the world’s most popular websites, such as Twitter, Spotify, CNN, Netflix and The New York Times last Friday, you may have run into some trouble. Millions in the U.S. and Europe lost access to much of the internet in the wake of a cyberattack.

Hackers targeted Dyn Inc., a major provider of Domain Name System services in a distributed denial of service (DDoS) attack. The hackers used a malware called Mirai to flood Dyn’s servers with fake traffic through a botnet of internet-enabled devices including DVRs, storage devices and cameras.

Researchers do not yet know the motive for the attack and are unsure of who the perpetrator is. However, they believe that users of  a hacking forum may be responsible, and not the foreign governments, WikiLeaks supporters and political activists who were originally suspected.

Looking back at Friday’s cyberattack, here are four key takeaways.

The ‘Internet of Things’ Presents New Challenges

spybot-IoT

Devices such as webcams, DVRs, video doorbells and refrigerators that can connect to the internet are known as the Internet of Things (IoT). These devices provide us with new opportunities and make our lives easier, but also present new, unexplored security risks.

After the recent attacks, Chinese company Hangzhou Xiongmai Technology, recalled 4.3 million internet-connected cameras, which hackers infiltrated.

Many IoT devices (especially the cheaper ones) are unsophisticated and susceptible to hacking. Many users also never change their passwords from the default settings on IoT devices. Buying devices that allow you to change the default password, and changing the default password when possible, may help to stop these kinds of attacks in the future.

DDoS Protection Is Becoming Centralized

When it comes to DDoS attacks, whoever has the most computing power wins. This makes smaller companies more vulnerable. Larger companies can usually fend off hacking attempts. The use of the botnet in the recent attacks presented a new challenge, however, that Dyn was not prepared for.

Since being bigger makes a company more effective at preventing DDoS attacks, and the attacks are getting larger and more difficult to manage, websites must increasingly seek refuge with large, powerful companies. This is causing a centralization of DDoS protection.

These powerful companies can protect against these hacks more effectively, but the centralization also creates a risk. As demonstrated in Friday’s attack, a single attack can now disable a greater portion of the internet.

Imposters Can and Will Take Credit for Cyber Attacks

hacker-cloud

It can be difficult to ascertain who exactly is responsible for cyberattacks, and this creates the opportunity for imposters to take the credit.

Researchers at Flashpoint believe they have linked the attacks to users of the site Hack Forums. Users of this site frequently hack just for attention or fun, but sometimes also charge money for hacking services.

At first, many believed that Russia or WikiLeaks supporters were behind the attacks. A group called “New World Hackers” took credit for the attack, saying that they did it in response to the Ecuadorian government’s removal of Julian Assange’s Internet connection. WikiLeaks seemed to accept this assertion as true in a tweet. Activist group “Anonymous” also apparently took credit in a tweet. However, researchers believe these claims are false.

It’s Time to Take Cyber Security Seriously

Companies, schools and other organizations provide safety training and conduct fire drills, tornado drills and active shooter drills. Many also have metal detectors and security guards.

But these organizations rarely provide cyber security training. However, as the recent attacks show, cyber security is important and increasingly at risk. IoT technology presents us with new risks and places the responsibility for security more heavily on the average consumer.

Individuals and companies should ensure they are educated about their cyber security risks in order to protect themselves and other internet users.

Friday’s large-scale DDoS attack represents the opening of a new chapter in cyber security. As technology changes, new challenges arise that must be met to keep the internet secure. Hacking and cyber security will likely become an increasingly important issue, so it is imperative that individuals and companies educate and protect themselves however they can.

By Kayla Matthews

Sebastian Grady

Digital Transformation – Updated Metrics for the Cloud Era

Cloud Era Metrics Undertaking digital transformation means also transforming how IT success is defined, including metrics that address business in the cloud.  With up to 90% of budgets spent keeping the lights on, cost is ...
Virtana

Episode 8: Managing Cloud Strategy During the Chaos of 2020, Plus an Outlook for 2021

An Interview with Kash Shaikh, CEO of Virtana Companies are wrestling with the idea of moving to the cloud, staying on-prem or finding a hybrid solution. Kash Shaikh, the new CEO of Virtana, looks at ...
Yotascale podcast

Episode 10: The Modern Day Smokestack? The Economics of Cloud Management

The Modern Day Smokestack A conversation with Asim Razzaq, CEO, Yotascale Why is cloud cost management so difficult? What are the main challenges in achieving cloud cost optimization? What are the principles of cost optimization ...
Staeadfast

Episode 5: How the Pandemic is Changing Business and the Cloud

An Interview with Ed Dryer of Steadfast With the global pandemic wreaking havoc on business and society, everything is changing. Ed Dryer, Senior Technology Strategist at Steadfast Networks, which specializes in Colocation, Managed Infrastructure as ...
Digital Theft

Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications?

Security Threat And Big Data Applications (Updated August 11th, 2020) IBM, Amazon, Google, Yahoo, Microsoft - and the list goes on. All these leading IT enterprises have been affected by Cross-Site Scripting (XSS) attacks in ...
Jen Klostermann

Enterprises Starting To Embrace Blockchain-as-a-Service (BaaS)

Blockchain as a Service (BaaS) Many global companies have already implemented Blockchain-as-a-Service (BaaS) into their cloud offerings. There isn't any question that offering BaaS can serve as a differentiator for many companies. Not to mention, ...