Recap on the Recent DNS Security Attack

Recap on the Recent DNS Security Attack

On Friday, Oct. 21st, there was a massive DDoS cyberattack that targeted Dyn, Inc., one of the largest DNS (domain name system) providers in the country. The attack knocked many big name websites offline – including Netflix, Amazon, Spotify and Twitter – and affected millions of users around the country. The first wave of attacks were reported on the east coast, with two more subsequent attacks to follow, eventually affecting a large portion of the country.

At the most basic level, a DDoS (Distributed Denial of Service) attack occurs when a hacker floods a website or web service with junk traffic so that it can no longer handle the legitimate incoming visitors or connections. The server gets overwhelmed, eventually slowing down or shutting down the system and interrupting service.

While DDoS attacks are not new per se, recently we’ve seen an uptick in popularity and size of such attacks, largely due to the broad range of tools for compromising networks and the Internet of Things (IoT) movement, which has led to an increased number of devices (webcams, DVRs, other household appliances, etc.) with no or very minimal security in place. 

Because Dyn offers Domain Name System (DNS) services, essentially acting as an address book for the Internet, hackers have a much larger playing field by targeting it, and can disrupt service for any end user whose DNS requests route through a given server.

In the event of the Dyn DDos attack, malicious requests were coming from tens of millions of IP addresses disrupting the systems. Reports have indicated that the attack was waged from devices infected with Mirai, a malware code that was released on the web in recent weeks. The Mirai botnet looks for certain Internet of Things (IoT) and smart home devices, such as those that are using default usernames and passwords, and turns them into bots to use in cyberattacks.

While security experts are sure to be closely examining this incident, to date it’s not obvious who was behind this attack. However, the fact that the attackers were able to disrupt the DNS provider used by some of the most popular websites tells a lot about their abilities and desire to be as disruptive as possible.

Soon enough cybersecurity experts will come up with better ways to avoid or minimize the impact of such attacks in the future. But in the meantime, we as consumers and users of the Internet of Things need to be diligent about learning all we can about locking down our personal devices and keeping up with the best practices for keeping these items secure.

If you have questions about this incident or want to learn more about device and data security, don’t hesitate to contact IT Solutions for more information.

© 2020 IT Solutions Consulting, Inc. All rights reserved... Privacy Statement  |  Site Map