If you tried to access some of the world’s most popular websites, such as Twitter, Spotify, CNN, Netflix and The New York Times last Friday, you may have run into some trouble. Millions in the U.S. and Europe lost access to much of the internet in the wake of a cyberattack.
Hackers targeted Dyn Inc., a major provider of Domain Name System services in a distributed denial of service (DDoS) attack. The hackers used a malware called Mirai to flood Dyn’s servers with fake traffic through a botnet of internet-enabled devices including DVRs, storage devices and cameras.
Researchers do not yet know the motive for the attack and are unsure of who the perpetrator is. However, they believe that users of a hacking forum may be responsible, and not the foreign governments, WikiLeaks supporters and political activists who were originally suspected.
Looking back at Friday’s cyberattack, here are four key takeaways.
Devices such as webcams, DVRs, video doorbells and refrigerators that can connect to the internet are known as the Internet of Things (IoT). These devices provide us with new opportunities and make our lives easier, but also present new, unexplored security risks.
After the recent attacks, Chinese company Hangzhou Xiongmai Technology, recalled 4.3 million internet-connected cameras, which hackers infiltrated.
Many IoT devices (especially the cheaper ones) are unsophisticated and susceptible to hacking. Many users also never change their passwords from the default settings on IoT devices. Buying devices that allow you to change the default password, and changing the default password when possible, may help to stop these kinds of attacks in the future.
When it comes to DDoS attacks, whoever has the most computing power wins. This makes smaller companies more vulnerable. Larger companies can usually fend off hacking attempts. The use of the botnet in the recent attacks presented a new challenge, however, that Dyn was not prepared for.
Since being bigger makes a company more effective at preventing DDoS attacks, and the attacks are getting larger and more difficult to manage, websites must increasingly seek refuge with large, powerful companies. This is causing a centralization of DDoS protection.
These powerful companies can protect against these hacks more effectively, but the centralization also creates a risk. As demonstrated in Friday’s attack, a single attack can now disable a greater portion of the internet.
It can be difficult to ascertain who exactly is responsible for cyberattacks, and this creates the opportunity for imposters to take the credit.
Researchers at Flashpoint believe they have linked the attacks to users of the site Hack Forums. Users of this site frequently hack just for attention or fun, but sometimes also charge money for hacking services.
At first, many believed that Russia or WikiLeaks supporters were behind the attacks. A group called “New World Hackers” took credit for the attack, saying that they did it in response to the Ecuadorian government’s removal of Julian Assange’s Internet connection. WikiLeaks seemed to accept this assertion as true in a tweet. Activist group “Anonymous” also apparently took credit in a tweet. However, researchers believe these claims are false.
Companies, schools and other organizations provide safety training and conduct fire drills, tornado drills and active shooter drills. Many also have metal detectors and security guards.
But these organizations rarely provide cyber security training. However, as the recent attacks show, cyber security is important and increasingly at risk. IoT technology presents us with new risks and places the responsibility for security more heavily on the average consumer.
Individuals and companies should ensure they are educated about their cyber security risks in order to protect themselves and other internet users.
Friday’s large-scale DDoS attack represents the opening of a new chapter in cyber security. As technology changes, new challenges arise that must be met to keep the internet secure. Hacking and cyber security will likely become an increasingly important issue, so it is imperative that individuals and companies educate and protect themselves however they can.
By Kayla Matthews
