October’s Massive Cyber Attack: What You Need to Know
Last month there was a major Internet outage due to a cyber attack that affected many popular sites including Twitter, Spotify, Etsy, Shopify and more. The downtime was caused by a (get ready for the jargon) distributed denial of service (DDoS) attack against DYN DNS (one of the biggest DNS providers) enabled by a horde of Internet of Things devices (end of jargon).
What does this mean?
Let’s strip away the jargon.
DYN DNS is one of the biggest providers of DNS services on the Internet. DNS is like the phone book: it lets you look up a name (e.g. www.google.com) and get the address for the service (website, or whatever). It’s a core piece of infrastructure.
A DDoS attack is when an army of systems sends junk to a service, overwhelming it. It’s very hard to stop this kind of attack because it’s distributed. You stop some of the attackers, but there are always more.
This is the scary part. This attack was performed by IoT devices. Cameras, DVRs and routers are all IoT devices. In this case, most of the culprits were IP cameras, manufactured by a specific Chinese company, that were infected with malware called Mirai.
Why is this important to you?
This type of cyber attack is going to happen more often. It could be an attack against core infrastructure or a vital service that is critical to your business. Imagine if your new cloud-based ERP went down for a day or more due to this kind of attack?
This kind of risk needs to be examined when selecting cloud-based services. How resilient are they and what could they do if they got attacked this way?
Worse, what if you end up the subject of this kind of attack? A few months ago, a company was offering denial-of-service attacks for $5/hour on Fiverr.com. (It’s no longer offered.)
What should you be doing to prevent a cyber attack?
There are several things every business should be doing to reduce the risk of this kind of cyber attack.
First is to understand the potential risk level. Do you have business-critical services that could be compromised by a large-scale DDoS attack? If so, you should contact those key vendors and ask how they are reducing their risk level.
If you use IoT devices, such as IP cameras or sensors, a deeper level of due diligence is required. Sadly, there isn’t a standard (yet) like UL to prove the security of IoT devices.
Until there is, we have to do this ourselves to ensure any devices we use are secure and being updated regularly. Keep in mind that the makers of cheap Internet-enabled devices don’t invest enough in creating secure software and updates for new vulnerabilities.
Make sure your devices are configured securely. Here are some steps you can take to do this:
- Disable all vendor-supplied accounts
- Use your own accounts with very complex passwords
- Enable secure protocols where possible
- Whitelist access to the devices (only your IP addresses can talk to them)
- Do vulnerability scans against your devices regularly to ensure there are no known issues with them
With these controls in place, you can minimize the risk and impact of a cyber attack on your business, your devices or one of your service providers.
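The five steps above can be checked on a schedule against your own device inventory. The script below is an added example, not part of the original article; the field names, account names, protocol list, thresholds and sample devices are all assumptions made for illustration.

```python
import ipaddress
from datetime import date

# Assumed values for illustration; adjust to your own policy.
VENDOR_ACCOUNTS = {"admin", "root", "guest", "support"}
CLEARTEXT_PROTOCOLS = {"telnet", "http", "ftp"}
MIN_PASSWORD_LENGTH = 16
MAX_SCAN_AGE_DAYS = 30


def audit(device, today):
    """Return the checklist items a device fails, in checklist order."""
    findings = []
    # Step 1: vendor-supplied accounts must be disabled.
    vendor = sorted(set(device["accounts"]) & VENDOR_ACCOUNTS)
    if vendor:
        findings.append("vendor accounts enabled: " + ", ".join(vendor))
    # Step 2: your own accounts need long, complex passwords.
    if device["password_length"] < MIN_PASSWORD_LENGTH:
        findings.append("password shorter than %d characters" % MIN_PASSWORD_LENGTH)
    # Step 3: prefer secure protocols over cleartext ones.
    cleartext = sorted(set(device["protocols"]) & CLEARTEXT_PROTOCOLS)
    if cleartext:
        findings.append("cleartext protocols enabled: " + ", ".join(cleartext))
    # Step 4: an empty list or a /0 network means anyone can reach the device.
    networks = [ipaddress.ip_network(n) for n in device["allowlist"]]
    if not networks or any(n.prefixlen == 0 for n in networks):
        findings.append("no effective IP allowlist")
    # Step 5: vulnerability scans must be recent.
    last = device["last_scan"]
    if last is None or (today - last).days > MAX_SCAN_AGE_DAYS:
        findings.append("vulnerability scan missing or older than %d days" % MAX_SCAN_AGE_DAYS)
    return findings


# Constructed sample inventory (hypothetical devices, documentation IP range).
INVENTORY = [
    {"name": "lobby-cam", "accounts": ["admin", "ops-cam"], "password_length": 8,
     "protocols": ["telnet", "http"], "allowlist": ["0.0.0.0/0"], "last_scan": None},
    {"name": "dock-cam", "accounts": ["ops-cam"], "password_length": 24,
     "protocols": ["https", "ssh"], "allowlist": ["203.0.113.0/29"],
     "last_scan": date(2016, 11, 1)},
]

if __name__ == "__main__":
    for device in INVENTORY:
        results = audit(device, date(2016, 11, 15))
        print(device["name"], "OK" if not results else "FAIL")
        for line in results:
            print("  -", line)
```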
Mike is a Technology Strategist, Project Superhero, and Cyber-Security Simplifier. He is a partner at Incrementa Consulting, a boutique consulting firm dedicated to helping businesses be more successful. You can connect with Mike on Twitter, LinkedIn or the Incrementa website.