The Largest DDoS Attack in History
Friday, October 21, 2016 was certainly a dark day for the internet, with the largest DDoS attacks in history. One of the largest ISPs in the world, Dyn, was hit with a DDoS attack. When Dyn went offline, its DNS service (the internet's address directory) became unavailable, and sites using Dyn for DNS were inaccessible during the attack. DNS lets users connect to websites and online services around the world using easy-to-remember addresses instead of the server's numeric IP designation. When the DNS servers are unavailable, internet users cannot reach any of the websites and services belonging to organizations that are Dyn customers.
The three DDoS attacks hit around 7 am, 12 pm and 4 pm Eastern, causing countless sites like Amazon (AWS), PayPal, Twitter and Netflix to go down, affecting millions of users across the U.S. One source suggested that more than 1 million companies might have been affected on the AWS platform, such as GE, News Corp and Capital One, as they experienced connection issues around the same time as the Dyn attacks.
There has been much speculation as to which nation states or threat actors were responsible. In a recent blog post, Kyle York, Chief Strategy Officer for Dyn, stated, “At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
The big question is, “How did this happen?” According to an article published by NBC News, “The attacks used the ‘internet of things,’ meaning ‘smart’ household appliances like DVRs, routers, printers and cameras that are linked to the web, to create ‘botnets’ that overloaded websites by sending them more than 150,000 requests for information per second.”
According to popular security blogger Bruce Schneier, “These [DDoS attacks] take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down.”
Shawn Henry, President of CrowdStrike Services and CSO, acknowledged the seriousness of this attack and the vulnerability of our nation’s network and infrastructure.
Preventing Future DDoS Attacks
The next logical question seems to be, “How can we secure the Internet of Things (IoT) so this doesn’t happen again?”
Chris Nyhuis, Founder and CEO of Vigilant Technology Solutions, a leader in cyber security, network security and managed IT solutions, and who was recently awarded CA DOJ approval, says, “Many organizations using IoT devices such as cameras, copy machines, and even heart monitors for that matter, are locked out of them to some extent by the vendor. Oftentimes, businesses have no ability to verify the device’s configuration is secure or even meeting the organization’s most basic minimum-security requirements. With no ability to audit these devices directly, businesses should consider looking closely ‘around them’ in real-time, analyzing what these devices are doing, whom they’re talking to and where, and how they interact with other assets on the network. Being able to rapidly detect and assess the posture of these devices allows for early identification of a wide variety of concerns including code problems, configuration vulnerabilities, and much more.”
According to Stephanie Cervantes, former Chief Information Technology Officer at CA DOJ and now Security and Privacy Strategist at LinkSource Technologies, “A good managed security service provider (MSSP) should have been able to see the breadcrumbs leading up to this large-scale breach. With cyber security on everyone’s mind and keeping CEOs and industry leaders up at night with worry over whether they’ll be next, organizations are scrambling to get their network(s) secured. The problem is that there are literally hundreds of cyber security companies out there saying largely the same things, yet most times their services are not the same and it’s difficult to know which company has the right services, the right credentials, etc.”
Cervantes goes on to say, “This is where LinkSource Technologies comes in. They take an agnostic approach to help organizations define the right security solutions for their business environment and customized network infrastructure and connect them with the security companies who best fit their needs.”
About LinkSource Technologies®
LinkSource believes that migrating to new technologies should be a seamless and simple experience for their clients. They partner with organizations to identify their unique business requirements and advise on secure, reliable, cost-effective solutions.
They are recognized technology advisors in the Telecom and Cloud Enablement industries and manage millions in annual client revenue for some of the most prominent global brands. LinkSource is known for thinking outside the box to create opportunities where others see obstacles. Their highly skilled, innovative team brings a fresh approach and perspective to common, and often complex, problems.