DDoS Attack Exposes Growing Concerns
Early this morning, a large distributed denial of service attack (DDoS) directed at the Internet performance management company Dyn caused Web site outages for a number of its customers, including Twitter, Reddit, Spotify and SoundCloud.
Services were restored to normal by 9:20 a.m. Eastern Time.
Question – What is a DDoS?
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Such attacks target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.
Why Are Reports Like This a Concern?
While today’s DDoS attack was resolved relatively quickly, a number of news sites described it as having shut down “half the Internet” for users on the East Coast. In addition to customers such as Twitter and Reddit, Dyn’s client list includes large sites such as About.com, CNBC, Etsy, RedHat and Zillow.
The scale and scope of DDoS attacks have been growing dramatically over the past year or so. Last month, for example, the KrebsOnSecurity Web site was temporarily brought down by a record-breaking DDoS attack generating traffic levels of up to 620 Gbps. Shortly afterward, the France-based hosting company OVH sustained a DDoS attack that was nearly twice as massive as the one on Krebs’ site.
A Growing Concern
Security experts are blaming the rise of increasingly massive DDoS attacks on the rapidly expanding number of network-connected devices on the Internet of Things (IoT). Earlier this month, researchers who identified a 12-year-old vulnerability in the OpenSSH security utilities suite noted that weak protections on IoT devices have helped to create the “Internet of Unpatchable Things.”
The size of these DDoS attacks has increased so much lately thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices, which often include poorly secured Internet-based security cameras, digital video recorders (DVRs) and Internet routers.
What all these connected devices have in common is the existence of security vulnerabilities caused by a flawed software design or gross negligence on the part of their manufacturers, which often use the same factory passwords for all their devices.
Question – What is The Internet of Things?
The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
A thing, in the Internet of Things, can be a person with a heart monitor implant, a farm animal with a biochip transponder, an automobile that has built-in sensors to alert the driver when tire pressure is low — or any other natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network.
IoT has evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS), microservices and the internet. The convergence has helped tear down the silo walls between operational technology (OT) and information technology (IT), allowing unstructured machine-generated data to be analyzed for insights that will drive improvements.
The security of the internet is a complex and often overwhelming challenge. What at one time was simply computers connected together via the internet is now smartphones, mobile devices and technologies of every type, from your refrigerator and HVAC system to medical devices such as heart pacers.