October saw the ominous predictions made in September by Resilient CTO Bruce Schneier come true, as a number of major internet infrastructure providers fell victim to cyber attack.
Schneier had warned that the companies that operated the nuts and bolts of the internet were being tested in major DDoS attacks by what he believed to be a state actor.
This is a major theme across CBR’s monthly attack round-up, but perhaps as concerning as who the attacks are targeting is the way that they are being carried out.
Again, the DDoS methodology that is being deployed here was observed in September in the attack on blogger Brian Krebs’s website KrebsOnSecurity.
These developing trends happen against the usual background of data breaches and phishing scams.
Read on to find out about Dyn, StarHub, Weebly and the Red Cross.
Believed to be one of the largest distributed denial of service (DDoS) attacks of all time, the attack on hosting provider Dyn took down several major sites such as Twitter, Reddit and Spotify, which use Dyn’s infrastructure.
Starting at 11:10 AM UTC (12:10 PM BST) on 21 October, the DDoS hit the Dyn Managed DNS infrastructure. DDoS attacks flood an internet service with traffic, meaning that the server cannot cope with the demand.
Dyn began to monitor and mitigate the attack and restored service to normal around two hours later.
The attack mainly impacted customers in the US East region.
The attack could have reached a magnitude in the 1.2 Tbps range, although Dyn said that this was not confirmed.
The Dyn attack follows DDoS attacks last month on OVH and KrebsOnSecurity. According to OVH’s founder, posting on Twitter, the combined brunt of the attack amounted to around 1.1 Tbps, while the Krebs attack apparently reached 620 Gbps.
Underpinning these attacks is the malware Mirai, which Dyn confirmed as the source of the attack.
Mirai is encoded with a list of a few default passwords, including obvious words and phrases such as ‘password’ or ‘password123’. It trawls the net, looking for passive internet-connected devices such as routers and cameras, and inputs these passwords into the devices to try to take them over.
The size of the Dyn attack is impressive, but also interesting is the number of endpoints involved in the attack: according to Dyn, it involved up to 100,000 malicious endpoints.
This is a worrying trend, especially with the number of internet-connected devices set to increase over the coming years, and shows the need for the Internet of Things (IoT) to be properly secured.
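Because Mirai relies on devices still answering to a short list of default passwords, one practical check at provisioning time is to refuse any device credential that is a factory default or a trivial variant of one. The sketch below is an added example, not code from the article or from Dyn; the password list (apart from ‘password’ and ‘password123’), the device names and the function names are constructed for illustration.

```python
import re

# Constructed sample list; only 'password' and 'password123' come from the article.
DEFAULT_PASSWORDS = {"password", "password123", "admin", "12345", "default"}


def normalise(pw):
    """Lower-case and strip trailing digits/punctuation: 'Password2016!' -> 'password'."""
    return re.sub(r"[\d\W_]+$", "", pw.lower())


# Word stems of the default list, ignoring entries that are digits only.
DEFAULT_STEMS = {normalise(p) for p in DEFAULT_PASSWORDS} - {""}


def rejection_reason(username, password, vendor_default=None):
    """Return why a device credential is unsafe, or None if it passes these checks."""
    if vendor_default is not None and password == vendor_default:
        return "unchanged factory default"
    if password.lower() in DEFAULT_PASSWORDS:
        return "on default-password list"
    stem = normalise(password)
    if stem in DEFAULT_STEMS:
        return "trivial variant of a default password"
    if stem and stem == username.lower():
        return "same as username"
    return None


def audit(devices):
    """devices: iterable of (name, username, password, vendor_default) tuples."""
    findings = {}
    for name, user, pw, vendor_default in devices:
        reason = rejection_reason(user, pw, vendor_default)
        if reason:
            findings[name] = reason
    return findings


# Constructed inventory of devices about to be put on the network.
SAMPLE_DEVICES = [
    ("cam-lobby", "admin", "password123", "password123"),
    ("router-1", "admin", "Password2016!", "admin"),
    ("dvr-2", "root", "Root1", "vendor-default"),
    ("cam-dock", "operator", "t9#Lq-vessel-Harbor", "password"),
]

if __name__ == "__main__":
    for device, reason in audit(SAMPLE_DEVICES).items():
        print(f"{device}: {reason}")
```

The check only covers default and near-default credentials; it does not measure password strength in general.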