Twitter. Netflix. Spotify. If you are one of the hundreds of million users on these sites, you may have noticed a disruption in their services last Friday, October 21st. They, among many other high-traffic sites, were the targets of a massive DDoS cyber attack.
How were these sites attacked? Through a company called Dyn, an Internet performance company that helps to route internet traffic. With Dyn as their conduit, the hackers caused a significant Internet outage all throughout the United States. It is becoming increasingly clear that these types of DDoS attacks are on the rise and that unsecured Internet of Things (IoT) infrastructure is the hacker’s weapon of choice that deserves immediate attention from anyone who can take action.
A DDoS attack involves overwhelming a web server with so much illegitimate traffic that the server under attack is crippled and unable to respond to legitimate requests. The malware used in the Dyn attack was able to exploit unsecured IoT devices such as DVRs, printers, surveillance cameras, and routers. Once a device is infected, the malware is able to coordinate multiple other devices and use their processing power to form a “botnet” – a network of infected computers that execute the DDoS attack. According to the Dyn security team, they observed tens of millions of individual devices associated with the botnet that carried out the attack,
There is no easy way to determine if a particular device on your network is infected with malware or if it has been recruited for malicious botnet activity. There are, however, a number of things you can do right away to help secure your devices and help to prevent future attacks designed to cripple the Internet.