This past Friday, a massive DDoS attack aimed at Dyn left many major websites, such as Twitter, Amazon and PayPal, completely inaccessible to many users. Part of the reason the scope of the attack was so wide is that the hackers used an army of IoT objects to overwhelm the Dyn servers. To understand how this happened, let’s go back a few weeks.
The first attack: KrebsOnSecurity
On September 20th a DDoS (Distributed Denial of Service) attack was aimed at KrebsOnSecurity. It was one of the biggest attacks ever seen at the time, and it was particularly alarming because it made use of IoT objects. In the following weeks, the hackers shared the source code for the malware they used: Mirai.
The Mirai malware scans the Internet for vulnerable devices in order to use them to launch an attack. Once the source code was shared online, it was used last Friday as part of the attack on Dyn.
The attack on Dyn
Dyn is an internet infrastructure company. Their Domain Name System (DNS) servers connect web addresses (e.g., www.swensonhe.com) to the IP addresses needed to find and connect to the right servers in order to have access to content. A DDoS attack floods these servers with so many requests that the servers are overwhelmed and can’t complete any of them. An army of IoT objects, mostly DVRs, was used to increase traffic to the servers, many of them without their owners’ knowledge.
Dyn faced three waves of attack: the first at 7am, then noon, and finally 4pm Eastern. This attack was the biggest attack to date and brought down several major websites. The users trying to access these websites who hit refresh again and again only added to the strain on the servers, making the attack all the more difficult to counter.
How to protect our IoT objects
Three very simple measures can be taken to keep our IoT objects from being used to bring down the Internet again:
1- Reboot them
Rebooting them can help remove any already-present malware. Though this isn’t always effective (sometimes measures like hard resetting must be taken), it is a good precaution.
2- Change the password
The Mirai malware scans the Internet for vulnerable objects, like devices with default passwords or passwords that haven’t been updated. A complicated password with capital and lowercase letters, numbers and symbols is most effective. Manufacturers like Samsung are starting to ask users to change passwords.
3- Update them
Updating IoT objects frequently helps prevent the malware from easily gaining control of the object.
Taking these steps will not only prevent IoT objects from being used in a cyber attack but also prevent them from being controlled remotely. No one wants a hacker to have access to objects inside their home, and these simple steps can significantly reduce risk.