By Jim Romeo, Guest Blogger
On October 21, 2016, Dyn, a Domain Name System (DNS) provider, fell victim to a DDoS attack.
The New York Times, a victim of the attack themselves, described the attack in an article published the day after the attack:
“Few have heard of Dyn, but it essentially acts as one of the internet’s giant switchboards. Bring it to a halt, and the problems spread instantly. It did not take long to reduce Twitter, Reddit, and Airbnb — as well as the news feed of The New York Times — to a crawl.”
It was debilitating for Dyn’s customers and impacted their customers’ customers. The damage multiplied and was numbing for those affected. It wasn’t just an ordinary attack, but one that proved that ordinary hackers with an agenda can cause plenty of damage.
Smart internet security practices always aim to patch holes and vulnerabilities in order to reduce risk and mitigate circumstances. But for the cybercriminals who plot attacks, as one door swings closed to them, another door swings open. As time goes by, attackers are smarter, faster and able to launch with even greater impact, raising the risk of recurrence and accompanying damage.
So, what can we learn by looking back at the Dyn attack one year later?
- Think like a hacker. This is true for customers of multi-tenant service providers. The watch phrase is “caveat emptor,” or buyer beware. If we think like a hacker, a multi-tenant service provider is an opportune target to cause greater damage – for whatever the motive – in a short period of time and with minimal effort. The attacker could be a proverbial hacker, a hacktivist, or a nation-state working through operatives to send a message – and a service provider is where they can reap the best return on their effort. If we view our relationship as one link in a supply chain of information technology service providers, we can best understand where a hacker is most likely to strike. This will allow us to find holes and mitigate any foreseen risk in this supply chain.
- IoT is an increasingly fertile playground for a DDoS attack. In the Dyn attack, upward of 50,000 IoT devices, such as cameras and other devices, became tools of the Mirai botnet. This tactic has grown in popularity, and so have IoT networks. IoT is now incorporated in many business models as part of overall business strategy and management. There are about 15 to 20 billion IoT devices around today, and that number is predicted to grow to 50 billion by 2020. IoT growth means device growth (more cameras, more sensors, more video recorders, etc.), which means more places and things from which a malicious botnet can form.
- Implement a bottom-up security tightening of all IoT devices. This means authentication, password protection, security software, asset inventory control, and any other security tactic applicable. Make device security part of the purchase decision for any IoT device. Ensure that securing such devices is possible and controllable as part of any IoT rollout or investment.
- Audit and update your own security policies – and those of your suppliers. The weakest link in a potential attack may be a cavalier approach to disaster recovery, data protection, and good information security hygiene. A smart approach to preventing your company from becoming a victim of a DDoS attack, like customers of Dyn, is to ratchet up your scrutiny of security policies and plans. Create a risk profile that incorporates all the latest attack tools and tactics and accounts for such threats as IoT, ransomware, and new and emerging threat risks that have risen since October 21st of 2016.
The New York Times stated in their article: “The culprit is unclear, and it may take days or weeks to detect it. In the end, though, the answer probably does not mean much anyway.”
It could happen again. It could also repeat with even more force and more loss. The best offense is a strong defense. The attack could be from anywhere at any time and use a large gateway to inflict the most damage on the most parties.
Editor's Note: This is a guest blog, and the author is responsible for all the opinions expressed and the facts and data presented. If you are interested in submitting a guest blog, please write to us at community [at] infoblox [dot] com.