While you were refreshing tabs and restarting apps, big things were taking place behind the scenes of this notable attack.
Many of us noticed that some of our favorite websites were acting a little strangely on Friday. Perhaps your tweets were failing to load or your connection to Spotify was wonky. Instead of brushing this off as the result of any regular online bug or unreliable Wi-Fi, take a moment to realize that these sites’ behavior was caused by a massive online attack that wiped out a significant portion of the Internet for hours on end.
While you were frustratedly refreshing your tabs and restarting apps, here’s what was happening behind the scenes of this notable attack: hackers used publicly available source code to assemble a botnet army of Internet-enabled devices -- cameras, printers, and so on -- to launch a distributed denial of service (DDoS) attack. As we’ve previously written, DDoS attacks occur when cybercriminals inundate a server with a mass amount of fake requests for information, rendering them unable respond to authentic ones.
Avast senior security evangelist Tony Anscombe further explains the workings of DDoS attacks:
“Attacks of this type are launched by cybercriminals or organizations attempting to prevent companies or governments from carrying out their business. The artificial traffic is typically generated through botnets – this is where vulnerabilities in operating systems, routers, and even IoT devices can be targets. The devices used are either controlled by malware or through default passwords in routers and devices that have not been changed. By using thousands of devices, they can launch massive artificial traffic volumes that swamp the servers being attacked so that legitimate traffic cannot be served.”
If the DDoS attack itself wasn’t already troubling enough, it gets worse. The hackers behind this attack were able to obtain the source code that made this hack possible through the dark web. The program in question is named Mirai, a program so easy to use that even unseasoned hackers can easily get the hang of it. Mirai allows cybercriminals to take control of connected devices, using them to launch DDoS attacks.
In the case of this hack, DNS provider Dyn was attacked and left incapable of overseeing and directing Internet traffic. The attack kept users from accessing some of today’s biggest names in online media, including Twitter, Spotify, Tumblr, Netflix, Amazon, and Reddit, as well as other sites.
Anscombe continued: "The DNS attack on Dyn underscores the critical need for business, especially service providers, to be proactive about putting advanced security protection in place. Providers like Dyn, who offer access to very high Internet traffic because of the nature of their business services, are attractive targets for DDoS attacks as the disruption can maximize the disruption caused through the attack. There is also significant responsibility on the IoT industry to ensure devices are secure and are not vulnerable to being exploited by cybercriminals for use in botnets. Secure by design should be the starting point for any IoT device.
"Businesses and consumers also need to ensure they have up-to-date security software on PCs, Macs, smartphones and secure devices so that they can not be used to generate unauthorized traffic. Businesses that want to proactively mitigate against such attacks should contact a specialist security reseller for advice on how to secure their infrastructure."
Join Avast's Avast's Christopher Budd at the National Council on Aging's Age+Action Conference to learn how to protect elders from tech support scams.
Avaddon ransomware group targeted Asia-based insurer AXA with DDoS attacks and ransomware just a week after the insurance company announced it was dropping support for ransomware payments in France.