This past Friday, October 21, a cyber-attack interrupted website access and crashed the internet. It was caused by a massive Distributed Denial of Service (DDoS) attack on a major Domain Name System (DNS) provider, Dyn. Dyn is an internet performance management company that provides core internet services for companies such as Twitter, Spotify, Reddit, Netflix, PayPal and many others. Its services provide an essential component for websites by translating human-friendly website names into machine-readable internet addresses. DNS services direct domain names to their respective IP addresses and help route internet traffic so that you’re able to access the websites you want to.
How did this DDoS attack affect consumers?
The DDoS interrupted service for users trying to access websites hosted by Dyn, essentially causing the internet to shut down for several hours. A DDoS is characterized by a large number of hacked or ill-configured systems flooding a target site with so much junk traffic that it’s unable to serve legitimate visitors. This type of activity crashes the internet and stops visitors like you from accessing certain websites. Dyn was maximizing their efforts to get website activity normalized, and issued a formal statement.
How did Dyn get attacked?
Due to its broad impact, the Dyn DDoS attack will likely be regarded as one of the largest DDoS attacks ever carried out. It was characterized by a series of attacks that took place throughout Friday, affecting different sets of customers. They began around 7:00am EST, affecting only customers on the East Coast, and Dyn’s Network Operations Center team was able to halt the attack after two hours. Later on, another attack occurred, affecting customers globally, although it did not affect the entire network. Dyn was able to mitigate the second attack in an hour, and was able to halt the third attack before it greatly affected any customers. Ultimately, the attack was able to completely crash internet services for all websites hosted by Dyn for a significant part of the day.
How did IoT crash the internet?
The Dyn attack was well planned and well executed, coming from tens of millions of IP addresses at the same time. Dyn classified it as a sophisticated attack across multiple internet locations and vectors. Through research, Dyn was able to confirm that one of the sources of the attack traffic was millions of discrete IP addresses infected by the Mirai botnet. Mirai is classified as malware and looks for certain Internet of Things (IoT) and smart home devices to infect. The botnet is specifically designed to exploit these devices and use them to carry out cyberattacks, since they use default usernames and passwords and are easier to hack into. Although IoT devices are small in size and capacity, once they get infected with the Mirai botnet, they send a series of requests to another server. In this case the requests were highly coordinated, with several infected devices sending them simultaneously. Every new endpoint introduced, especially through IoT, presents a new threat.
This illustrates just how fragile and insecure many of these devices are, and why you need to kick your online security into high gear so that you’re never the entry point for a future attack!