Even after Dyn DDoS attack, businesses shouldn’t ditch DNS providers, analyst says

We need to make sure that the devices that make up the internet of things can’t be used in the kind of attack that nearly broke the internet late last month.

Dyn then began an extensive analysis, which continued as it thwarted smaller, probing TCP attacks that occurred over ensuing hours and days. They can’t, since IoT devices are all different. In simple terms – the scale and the source. As reported by the anonymous researcher, Aidra forced infected devices to carry out a variety of distributed denial-of-service attacks but worked on a limited number of devices. Does this sound familiar? “The attack highlights that many organizations only consider the deployment, and are unable to effectively inventory or update the devices once they are deployed”.

In a blog post about today’s attack on Dyn, Krebs noted that the recent scale of attacks has caught Internet security companies off-guard.

The path to protecting against IoT-enabled widespread DDoS attacks must expand beyond just the traditional relationship between Internet Service Providers (ISPs), Content Delivery Networks (CDNs) and businesses. But if a DNS provider is attacked, you may try to change your DNS provider from your local ISP to a service like OpenDNS or Google DNS.

Cyberliability insurance typically covers the costs of investigating, responding to and terminating an actual or suspected security or privacy breach, often including the fees, costs and expenses to retain counsel to determine notification obligations, to retain forensic investigators, to retain communications and public relations professionals, to provide notification to potential affected persons, and to provide remedial services, such as credit file monitoring.

Dyn also used mitigation techniques, including “traffic-shaping incoming traffic, rebalancing of that traffic by manipulation of anycast policies, application of internal filtering and deployment of scrubbing services”.

Dyn EVP, Product Scott Hilton confirmed that a Mirai botnet was the primary source of malicious attack traffic in an October 26 post on the company’s blog. It infects a massive network of devices connected to the internet (such as baby monitors, security cameras, and Wi-Fi thermostats) and uses processing power from these devices to overwhelm internet servers with fake traffic, forcing them offline.

“The device will be reinfected within minutes thanks to the efficient bot harvesting code within Mirai”, he said.

“The malware (the bot client) is created to aim IoT device via telnet protocol, by using its originally coded telnet scanner function, which is brute-forcing the known vulnerable credential of the Linux IoT boxes, via command sent from a CNC malicious IRC server”, the researchers note.

“What makes the attack more remarkable is the fact that it was only possible because the devices’ owners couldn’t be bothered to change the default password on their new purchase.”

The run errors seen in the image above triggered alerts and notified the user on DNS issues.

To understand how this happened, you need to understand how Internet of Things (IoT) devices work. People who attach smart devices to the internet without changing the default user name and password are just setting those products up to be part of a botnet. However, security concerns seemed to take a back seat as brands kept romanticizing the endless possibilities of IoT. Many IoT devices are woefully insecure, and we have the technology. “To protect connected devices and their data, the IoT industry needs the attention, coordination and commitment to security that the payments industry is putting into securing payments”.

A hacker group released a new malware strain into the wild able to override IoT devices for use in DDoS attacks. $4,600 can buy 50,000 bots and $7,500 can buy 100,000 of these malicious bots.

On your computer or device, use the default log-in credentials to access your account.

“This shift puts us at risk of being targeted by hackers, for personal reasons, political reasons, or even state-sponsored attacks”, he said. Such a tool could theoretically be used to reduce the attack surface. They need to educate themselves about the threats and learn what to look for in the devices they use. Citing analyst projections that the number of IoT devices will jump from 13.4 billion to 38.5 billion by 2020, Warner warned: “there is no requirement that devices incorporate even minimal levels of security”.