The wide-scale Distributed Denial of Service (DDoS) attacks that occurred on October 21 overwhelmed the servers of Dyn, Inc., a Domain Name System (DNS) provider, with a slew of bogus requests. As a result, people were unable to reach numerous websites and apps, such as Twitter, Netflix, Google, Amazon, and PayPal, that rely on Dyn to translate their names into IP addresses. If your computer or mobile device can’t find the IP address for Netflix, you’re unable to use Netflix or communicate with the service.
Reports from internet performance monitoring firm CloudHarmony said the company tracked a 30-minute disruption the morning of October 21, which affected access to many websites along the East Coast. A second attack that occurred later in the day impacted websites on the West Coast and in Europe.
There are several aspects of the attacks that are raising new concerns for cyber security professionals and company executives. The first is that the attacks were launched, in part, using Mirai, malware whose source code was recently released on the web and which enables anyone using it to take control of various types of Internet of Things (IoT) devices and amass a botnet to carry out heinous activities. In the attacks that took place on the 21st, a large number of IoT webcams were used to flood Dyn with bogus requests.
While the attacks posed an inconvenience to many consumers, the business impact to companies such as Amazon or PayPal could’ve been much worse.
“If these attacks had occurred on Black Friday or Cyber Monday, the economic impact would have been very significant,” said Ladi Adefala, Senior Security Strategist at Fortinet. One of Adefala’s greatest concerns following the botnet attacks is that most enterprises are not adequately prepared to address these types of machine-to-machine (M2M) attacks. “Bots have a level of automation when aggregated together that is very difficult to stop once you harness all of the power,” said Adefala.
Gartner predicts that there will be 6.8 billion connected devices in use this year, representing a 30% increase from 2015 and rising to more than 20 billion connected devices by 2020. Since many IoT devices are unsecured, this presents an enormous attack surface for hackers.
To better prepare enterprises for any future M2M attacks, Adefala offers several recommendations.
First, companies need to have their own on-premises DDoS mitigation capabilities as well as DDoS mitigation from their Internet Service Providers (ISPs), and the two should be blended together as a first line of defense.
Second, companies need to have the right technologies in place to detect the precursors or the predictors of compromise. “We all know that when it rains it pours, but before it starts pouring, there are definitely indications of cloudy skies,” said Adefala. “If you’re not paying attention or even looking at the sky to begin with, it’s difficult to see.”
Others agree that a proactive, offensive approach to information security is essential in mitigating risk. “Proactively hunting in the environment to identify threat intelligence is critically important,” said Shawn Henry, President of CrowdStrike Services and CSO at CrowdStrike.
Early detection can include identifying patterns and anomalies in TCP connections and UDP requests, said Adefala. There’s also a strong need for gathering and acting on meaningful, actionable intelligence. “The real benefit of that is that as these techniques change, the actionable threat intel provides insights for what you can do,” Adefala added.
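One way to put that early-detection idea into practice, as an added example that is not from the article or from Fortinet: a small script that groups UDP DNS queries into one-minute windows and flags a window when the query count jumps well above a baseline and the traffic comes from many distinct sources (a bot-like pattern rather than one noisy client). The log format, thresholds and sample lines are assumptions constructed for the example.

```python
# Added example (not from the article): flag bursts of UDP DNS queries that may
# signal an emerging flood, using per-minute request counts and the number of
# distinct source addresses. Log format and thresholds are assumed, not real.
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines: "<timestamp> <src_ip> <proto> <qname>"
SAMPLE_LOG = """\
2016-10-21T11:10:00Z 198.51.100.7 UDP example.com
2016-10-21T11:10:05Z 198.51.100.9 UDP example.com
2016-10-21T11:10:12Z 198.51.100.7 UDP example.com
2016-10-21T11:11:01Z 203.0.113.1 UDP example.com
2016-10-21T11:11:01Z 203.0.113.2 UDP example.com
2016-10-21T11:11:02Z 203.0.113.3 UDP example.com
2016-10-21T11:11:02Z 203.0.113.4 UDP example.com
2016-10-21T11:11:03Z 203.0.113.5 UDP example.com
2016-10-21T11:11:03Z 203.0.113.6 UDP example.com
2016-10-21T11:11:04Z 203.0.113.7 UDP example.com
2016-10-21T11:11:04Z 203.0.113.8 UDP example.com
"""

def parse_line(line):
    ts, src, proto, qname = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, proto, qname

def bucket_by_minute(lines):
    """Group UDP queries into one-minute windows: total count and distinct sources."""
    windows = defaultdict(lambda: {"count": 0, "sources": set()})
    for line in lines:
        if not line.strip():
            continue
        ts, src, proto, _ = parse_line(line)
        if proto != "UDP":
            continue
        key = ts.replace(second=0)
        windows[key]["count"] += 1
        windows[key]["sources"].add(src)
    return windows

def find_bursts(log_text, baseline_per_min, ratio=2.0, min_sources=5):
    """Return (window_start_iso, count, distinct_sources) for each minute whose
    query count exceeds ratio * baseline AND comes from >= min_sources clients."""
    flagged = []
    for key, w in sorted(bucket_by_minute(log_text.splitlines()).items()):
        n_src = len(w["sources"])
        if w["count"] > ratio * baseline_per_min and n_src >= min_sources:
            flagged.append((key.isoformat(), w["count"], n_src))
    return flagged

if __name__ == "__main__":
    for row in find_bursts(SAMPLE_LOG, baseline_per_min=3):
        print("burst:", row)
```

In production the baseline would come from historical per-minute volumes for that resolver rather than a constant, and the flagged windows would feed an alert or a rate-limiting rule.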
The attacks also serve as a wake-up call to manufacturers to embed security early in the product design phase. “We’ve said for a long time that we need to build security into operational technology (OT) products,” said Gary Harbison, CISO at Monsanto.
Even for companies that weren’t impacted by the most recent botnet attacks, Harbison recommends that CISOs and other security professionals evaluate the interconnectivity that exists between the company and external partners, such as cloud services providers, to determine their preparedness. This can help information security teams think through their disaster recovery and business continuity plans, said Harbison.
- The pervasive Distributed Denial of Service (DDoS) attacks that occurred on October 21 and impacted websites such as Twitter, Amazon, and Google are raising new concerns about security gaps with Internet of Things (IoT) devices.
- To prepare for potential future botnet attacks, cyber security teams should meld their DDoS capabilities with those of their Internet Service Providers (ISPs).
- Security teams should also evaluate the interconnectivity between their companies and cloud services providers to determine their preparedness.