CDSA

Friday DDoS Attacks Impacted M&E in a Big Way

[svg-table-content]

When cyber criminals Oct. 21 went after Dyn — which provides internet services for a host of companies — they used a a global distributed denial of service (DDoS) attack to bring down big parts of the web for most of the day

And while news sites and online retailers were among those affected, the list of media and entertainment companies hurt by the attacks was long and distinguished: Netflix, Twitter, Amazon Web Services, SoundCloud, Box, HBO Now, Spotify, iHeartRadio, Okta, Playstation Network and more were brought down in parts of the country.

Here’s a round-up of some of the top stories that developed over the weekend, following the attack.

• Friday’s massive, multi-part attack on the domain name system provider Dyn brought into stark relief the importance and fragility of the internet’s directory system, heightening fears that highly disruptive DDoS attacks will become more common. The digital assault — which relied on armies of secretly infected devices flooding Dyn’s servers with gibberish requests to look up non-existent URLs — disrupted access to Twitter, Spotify, The New York Times and other major websites before Dyn resolved its routing issues around 6 p.m. EST. Cloud-hosting titan Amazon Web Services, which partly relied on Dyn’s DNS, also experienced outages. “This shows how interconnected all of the different parts of the internet are,” Matthew Prince, the CEO of major DNS provider Cloudflare, told MC as the attack continued. “When you have something that is as critical a piece of infrastructure as one of the largest DNS providers, and they get impacted by an attack, it has spillover consequences even sometimes to people who might not be direct customers of that provider.” (Politico)

• Dyn said last week it identified “10s of millions” of unique IP addresses involved in the massive botnet DDoS attack on its managed DNS services, which knocked out Twitter, Amazon and others sites for many users. At least some of those devices are now subject to a recall, with Chinese electronics company Hangzhou Xiongmai recalling web cameras using its components that were identified as making up a good portion of the devices involved.

The webcams were cited by security experts as being susceptible to attack and inclusion in the Mirai botnet used to flood Dyn’s DNS as having default passwords that were easy to guess, making it simpler for attackers to crack their logins and incorporate them into the botnet.

Xiongmai denies in a statement made to the BBC that its devices represented the majority of those used in the attack, and indeed it appears likely that IoT hardware from a large number of different manufacturers were involved. Still, Xiongmai has instituted a recall for all webcams that use its circuit board and other components, which represents a sizeable number of devices because of how many companies Xiongmai supplies. (TechCrunch)

• It’s apparently possible that a DDoS attack can be big enough to break the internet — or, as shown in the attack against ISP Dyn, at least break large parts of it.

The DDoS attack against Dyn that began Friday went far past taking down Dyn’s servers. Beyond the big-name outages, organizations could not access important corporate applications or perform critical business operations.

As one of the largest ISPs in the world, Dyn going offline took down a significant chunk of the DNS, the internet’s address directory. DNS lets users connect to websites and online services around the world using easy-to-remember addresses instead of the server’s numeric IP designation. Thus, when the servers are unavailable, internet users cannot access any of those belonging to organizations that are Dyn customers.

“Imagine all the street signs of your city suddenly goes blank. No one knows where to go,” said Marc Gaffan, general manager of Imperva Incapsula. (InfoWorld)

• We knew major destructive attacks on the internet were coming. Last week the first of them hit Dyn, a top-tier a major Domain Name System (DNS) service provider, with a global Distributed Denial of Service (DDoS) attack.

As Dyn went down, popular websites such as AirBnB, GitHub, Reddit, Spotify, and Twitter followed it down. Welcome to the end of the internet as we’ve known it.

Up until now we’ve assumed that the internet was as reliable as our electrical power. Those days are done. Today, we can expect massive swaths of the internet to be brought down by new DDoS attacks at any time.

We still don’t know who was behind these attacks. Some have suggested, since Dyn is an American company and most of the mauled sites were based in the US, that Russia or Iran was behind the attack. It doesn’t take a nation, though, to wreck the internet. All it takes is the hundreds of millions of unsecured shoddy devices of the Internet of Things (IoT). (ZDNet)

• If you were online at all last Friday, you likely didn’t miss the massive outage that hit many big websites – and warnings about how this happened swiftly followed, not to mention advice on avoiding this kind of scenario in the future. And the biggest resultant pearl of wisdom security experts are currently preaching is: use multiple providers for DNS.

DNS or Domain Name System is, in basic terms, the system which routes traffic around the net, translating what’s typed into a browser (the URL) into the actual IP address required to ensure that the user gets to the correct web page.

Hence by hitting a major DNS provider, cybercriminals can take down multiple sites or services which use that firm – and this is what happened late last week, when DNS provider Dyn was hit by massive DDoS attack which affected a huge amount of big names including Twitter, Spotify, Netflix and Reddit.

So by using multiple DNS servers, you have some backup on hand. Dyn spoke out about this itself, and Kyle York, chief strategy officer for the company, told Reuters: “We have advocated for years for redundancy in your infrastructure. I don’t think you can ever be safe enough or redundant enough.” He added that those who used multiple DNS servers saw a lesser impact during last Friday’s chaos. (TechRadar)

• The digital dust has settled, for now at least, on last week’s Distributed Denial of Service (DDoS) attack against DNS service provider Dyn.

There have been numerous rumours of what the attack was for, and why the attackers pounded Dyn with redundant traffic designed to harm the company’s ability to serve legitimate customers.

If you’re in a takeaway trying to order a nice, quick burger, but there are 100 people in front of you in the queue who ask politely all about today’s specials before calmly walking out without buying anything, both you and the burger vendor are going to take strain. Worse still, the time-wasters don’t have to spend any money buying up products to stop you getting served, so there’s not much to limit the scale of the disruption.

However, given that we’re in the last week of Cybersecurity Awareness Month, we thought we’d leave the rumours for later and start right at the top with our tips for how to fight back against the cybercrooks in our midst. So here are some simple and general security tasks you can carry out at home (or at work!) to make life harder for the crooks. (Naked Security)