Mirai Botnet and the Future of DDoS


Internet of Things devices hijacked and externally controlled for mass DDoS attacks, taking Twitter, SoundCloud, Reddit and others offline.

A Distributed Denial of Service (DDoS) attack is an overwhelming flood of traffic directed at a targeted system in order to make a website or service unavailable. It can come from a botnet, which controls many infected systems and has them all target a single server at once. This mass attack is more than the server can handle, leaving the website or service inaccessible.

Recently, the Mirai Botnet had tens of thousands of Internet of Things (IoT) devices target DNS provider Dyn. As a result, major websites such as Twitter, SoundCloud and Spotify were knocked offline and made unavailable for several hours. Other sites affected by the Mirai Botnet include Airbnb, Reddit, Freshbooks, GitHub, among many others.

Just before this attack came the Mirai Botnet attack on KrebsOnSecurity.com, which, according to the engineers who blocked it, was the largest DDoS attack they’d ever seen. The source code for the Mirai Botnet has since been leaked onto a hacker forum website, and Mark James, ESET IT Security Specialist, informs us of the future of DDoS.

“DDoS seems to be more widely used these days to cause disruption and nuisance, as more machines become available to be infected: thus more opportunities for IoT to be drafted into possible botnet type activity, as the resources available are growing more and more.

“DDoS of course may not only be used to make a statement or bring voice to your protests; it may, and has on many occasions, been used as a smokescreen to cover other nefarious purposes that may include data theft and malware infection.

“We will almost certainly see a surge in DDoS activity due to the release of this source code, if not for specific reasons then people having ‘a play’ with the code to see what it does.

“We all need our daily fix of the digital programs that are so intertwined into our daily lives, and when those services are down we tend to get a little edgy.

“The biggest problem is that by their very nature, IoT devices are designed to be connected and often remotely managed.

“One of the biggest failures encountered in the security of these devices is not changing the default passwords used from setup.

“I would recommend that anyone concerned about their hardware should immediately reboot or ideally switch off that device completely and RESET their devices to factory settings, then immediately change the default password if not already done so.

“The tech teams involved are, I am sure, working as hard as they possibly can to get them all back up and working as soon as they possibly can.”

Did you notice the downtime? Let us know on Twitter @ESETUK
