Dyn, a New Hampshire-based computer firm whose specialty is in providing the means to access websites through its servers, was brought offline by a sequence of large cyberattacks last Friday. This recent attack highlights the continued challenges that persist in cybersecurity and how the cyber-threat landscape is ever-changing.
Dyn’s servers were compromised via a distributed denial of service (DDoS) cyberattack. Dyn was overloaded with so much internet traffic that they could not respond, and subsequently crashed, temporarily keeping users from accessing popular websites such as Twitter, Netflix, Spotify, AirBnB, Reddit, and Etsy.
While DDoS attacks are not new, this variant of attack reflects how lax security in modern technologies is creating an additional level of concern. In this particular attack, internet-facing devices such as CCTV and web-based video cameras, DVRs, and routers, were utilized to form a botnet–a coordinated group of computers–to consolidate and attack Dyn.
Several computer security firms have attributed parts of the attack as being carried using botnets formed using the Mirai and Bashlite malware–malicious software also linked to some of the largest recorded DDoS attacks to-date.
The Mirai malware code was publically released toward the end of September, allowing anyone to utilize the malware to launch an attack. Mirai scans Internet of Things (IoT) devices for those with weak security using a set 61 default usernames and passwords. A recent investigation by Flashpoint researchers identified 500,000 Internet of Things devices as being vulnerable to infection by Mirai. The Bashlite malware family is reported to have access to more than one million devices.
Chinese manufacturing company, Hangzhou Xiongmai Technology Co., is currently underfired as a number of their devices in particular were found to have been used in the attack–though only constituting a fraction of the total devices. The company has since announced a recall of 10,000 compromised devices.
As DDoS and cyberattacks become more sophisticated and widespread, it is crucial for organizations, governments, and individuals to be aware of the threats they present. In the short term, mitigating the threat of a DDoS attack spans no further than simply increasing networks’ bandwidth. But for the time being, private, government, and international organizations should continue to work together to help mitigate the proliferation of botnets. The Department of Homeland Security has announced they are investigating the attack.
Governments and private industry must continue to work together to ensure the technologies they purchase, both domestically and internationally, hold a reasonable level of security to prevent from being used in these sorts of attacks in the future.
Attributing this attack to a single malicious actor or group will surely be difficult if not near-impossible. The U.S. must remain vigilant in face of the growing number of cyberattacks.
Source material can be found at this site.