Unless you’ve been living under a rock (or have been “disconnected” since Friday), you should have heard by now that some major websites were “inaccessible” to people across much of the United States on Friday after a company that manages DNS, a crucial part of the internet’s infrastructure, said it was under attack.
The company, Dyn, whose servers monitor and reroute internet traffic, said it began experiencing a DDoS (distributed denial-of-service) attack just after 7 a.m. Reports that many sites were inaccessible started on the East Coast, but spread westward in three waves as the day wore on. Users reported sporadic problems reaching several websites, including Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud as well as The New York Times.
Beyond not being able to Tweet or watch the most recent episode of "Orange is the New Black", why does any of this matter to you? Well, this is just the tip of the iceberg of how interconnected our lives have become because of the internet. Not only that – one of the key takeaways must be our combined (as a society) approach to security. You see, the DDoS attack that was launched against Dyn was carried out by a Mirai botnet that exploited tens of thousands of connected-devices.
What does this mean? Well, the attack which brought a number of high-profile sites offline for several hours was the result of cyber attackers taking advantage of the poor security in IP cameras, thermostats, home controllers, baby monitors and other connected Internet of Things (IoT) devices. Yes, the latest technical buzzword people are just starting to wrap their brains around – the Internet of Things. The attack appears to have relied on hundreds of thousands of internet-connected devices which have been infected — without their owners’ knowledge — with software that allows hackers to command them to flood a target with overwhelming traffic.
Security researchers have long warned that the increasing number of devices being hooked up to the internet, this so-called Internet of Things, would present an enormous security issue. And the assault on Friday, security researchers say, is only a glimpse of how those devices can be used for online attacks. Friday's DDoS attack is the largest of its kind yet and hopefully serves as a reminder to consumers and businesses to take the necessary steps to protect their IoT devices, as well as their computer networks, from future attacks.
Other than the annoyance factor, most of our clients felt little from this episode. One of the reasons that helped in this case has been our initiative to leverage Cisco’s OpenDNS platform helping our clients to securely access their DNS hosting. So, not only does it provide security from the standpoint of limiting cybercrime with its focus on limiting ransomware, but as a DNS platform it won’t be affected like Dyn was. So, for our clients it’s clearly a win – win!
But, it just goes to show how seriously we all need to take our own security. Because you never know what being less than secure can really lead to.
On a related note, if you'd like to see how your security precautions stack up, please download our free Cyber Security Report Card and evaluate how you're doing.