If you were unable to access Spotify, Twitter, or a number of other popular websites last Friday, it’s not a coincidence – according to various reports, a major DNS provider experienced one of the largest recorded DDoS attacks to date via IoT-connected devices.
New details are constantly emerging about this attack, though no one has come forward yet to take credit. Questions are being raised about how IoT-connected devices will impact our future security positioning, when another attack will happen, and how we can learn from this unfortunate series of incidents.
The Chief Strategy Officer at Dyn, Chris York, released a statement about the attack incidents this past Saturday – here are some key takeaways:
- Two successful DDoS attacks occurred, at 7AM and 12PM, with service being restored within 1 to 2 hours for both.
- A third attack was attempted around 1PM but ultimately failed.
- The first attack hit those on the East Coast, barring users from reaching popular websites due to the influx of traffic experienced by Dyn’s NOC (Network Operations Center).
- The second attack was global and not limited to just the East Coast POPs (Points of Presence); it was mitigated and Dyn restored service by 1PM EST.
- There was never a system-wide outage – for example, West Coast users were not affected like their East Coast or European counterparts.
DDoS attacks are scary to consider, and while Dyn was absolutely taken aback by the largest DDoS attack to date, this is nothing new or surprising. Here’s why:
- IoT-connected devices were used to deliver the Mirai botnets that ultimately staged the DDoS attacks at three different points throughout the day.
- Mirai botnets are well-known in the cyber security community and have wreaked havoc in the past to the point that there should have been blockades in place.
- DNS providers did not implement Network Ingress Filtering (Best Current Practice (BCP) 38) and Response Rate Limiting (RRL), which would have made the outcome of these events very different.
Tens of millions of IP addresses were associated with the Mirai botnet to pull off what is considered to be an historic DDoS attack. Does this bode well for the future of IoT devices? Yes and no. The IoT as we know it is ever expanding: refrigerators are connected, along with children’s toys and toothbrushes, and the list goes on. However, in order to avoid these large-scale DDoS attacks, security protocols need to be implemented in future devices, and security updates need to be required for all current market models. These types of attacks will continue to happen, but only until the producer and consumer realize the grave necessity of complete cyber security protection.