A few days after the incredibly massive attacks suffered in two stages by Dyn, a provider of Internet services including DNS management, information, estimates of the affected devices and theories about the potential culprits keep arriving. Very high-profile sites such as the social networks Twitter and Reddit, famous online services such as eBay, Netflix and Spotify, and other sites were hit more or less hard. The involvement of many Internet of Things devices shows that their security is too often non-existent.
DDoS attacks are unfortunately frequent and sometimes really massive. CloudFlare, a company that provides Internet services, including security-related ones, has frequently defended victims of attacks and in February 2014 was itself the victim of what at the time was the most massive DDoS attack. Today, the spread of mobile devices that can be infected by malware and of Internet of Things devices is significantly increasing the potential of the attacks and, as a result, the damage they can cause.
On the occasion of the attack suffered by CloudFlare, its CEO Matthew Prince stated that it was a sign that ugly things were to come. Unfortunately, his fears were fully confirmed. Various articles described last Friday's attacks as hacker attacks, but in fact they were well-organized and sophisticated cyber attacks, real cyberwar maneuvers.
According to experts who examined the data about Friday’s attacks, a number of botnets, meaning groups of infected devices controlled from the outside, were used. Among them there was at least one run using a malware called Mirai, which specializes in hitting Internet of Things devices. The strong growth in the number of these devices is a serious cause for concern because their security is too often really poor or non-existent.
Paradoxically, among the devices with major security issues there are some that are supposed to improve safety. We’re talking about security cameras and DVRs, which today exist in models for the Internet of Things. In essence, it’s now possible to run an Internet surveillance system using a smartphone or a tablet wherever there’s a connection.
Potentially, this type of system is very useful, but too often it’s not configured properly to prevent its use by people other than its owners. In particular, too often the factory-default username and password are not changed by the purchaser when connecting the equipment to the Internet. This makes brute force attacks extremely easy, and as a result it was estimated that more than 500,000 devices have already become “zombies” because of the Mirai malware.
The analyses of the attacks began while they were still in progress. Brian Krebs is a computer security expert who in September was himself the victim of an attack of that kind, which took his blog off-line for several days. Later that blog was put under Google’s protection. Krebs published his first comments about the attacks on October 21, but you can also read his subsequent articles about those events.
Unfortunately, limiting this kind of danger requires the cooperation of the various parties: ISPs to improve security measures, producers of Internet of Things devices to implement decent security, and users to apply it in the devices they buy. Until that happens we can expect worse and worse attacks.