January 26, 2017

The Mirai Botnet, DDoS and the Future of Security


There’s been a lot of talk about “breaking the internet” over the last few years. But this time, it has nothing to do with Kim Kardashian or Christmas sweaters. In October of 2016, the internet quite literally did shut down after Dyn, the New Hampshire-based service company, was hit with a “massive distributed denial of service attack.” Dyn asserts that there were more than 100,000 malicious endpoints behind the DDoS (distributed denial of service) attack that almost “broke the Internet,” with an extraordinary attack strength of 1,200 gigabytes per second. Malicious requests from tens of millions of IP addresses flooded in, disrupting the system and causing absolute chaos. But now, for the question (or rather, questions) on everyone's mind: How did this attack occur? And what does it mean for my business?

Well, it was clever. Very clever. In fact, the attack didn’t crack Dyn’s security; it went around it. In this article, we’ll discuss how the Mirai botnet and DDoS have turned the future of internet security on its head.

As a company, Dyn controls a great portion of the Internet's domain name system infrastructure. And on October 21, it experienced a huge surge of traffic, far more than it was equipped to handle. Heavily trafficked sites such as Twitter, the Guardian, Netflix, Reddit and CNN in the U.S. were all brought to a standstill. Beyond that, thousands of other online retail operations (truly, too many to name) were disrupted, and thousands of business sites in the U.S. and U.K. also crashed, all as a result of the surge.

The attack was blamed on what is called a botnet: a number of networked computers infected with malware that are then hijacked and made to bombard a service with traffic until it collapses. One specific network of malware-infested devices has taken the blame for the DDoS attack: the Mirai botnet. Mirai is an unusual botnet. It was created to work through the Internet of Things (IoT); these ‘things’ are internet-capable devices such as digital cameras, fitness trackers and smart watches, DVD players, and so on. In essence, any device that is connected to the Internet.

Experts estimate that Mirai hijacked tens of millions of devices during the attack. The surge of traffic sent to Dyn's servers was twice as strong as any previously recorded attack.

The botnet, whose source code had been released publicly, used a simple technique: it scanned for devices still using their default username and password credentials, which gave it instant access to those devices and let it use them to power its DDoS attack.
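From a defender’s side, the tell-tale sign of this technique is a single source cycling through factory-default account names against a device’s login service. The following script is an added example, not code from the original article or from Mirai; it assumes a simple syslog-style telnet login log format (constructed here) and flags sources that sweep through several default account names, noting whether any attempt eventually succeeded.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the article), in a simple syslog-like
# format assumed for this example: "<time> telnetd: login <ok|failed> user=<u> from=<ip>"
SAMPLE_LOG = """\
2016-10-21T11:02:01 telnetd: login failed user=root from=198.51.100.7
2016-10-21T11:02:02 telnetd: login failed user=admin from=198.51.100.7
2016-10-21T11:02:03 telnetd: login failed user=support from=198.51.100.7
2016-10-21T11:02:04 telnetd: login failed user=user from=198.51.100.7
2016-10-21T11:02:05 telnetd: login ok user=root from=198.51.100.7
2016-10-21T11:05:00 telnetd: login failed user=alice from=192.0.2.10
2016-10-21T11:05:09 telnetd: login ok user=alice from=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd: login (?P<result>ok|failed) user=(?P<user>\S+) from=(?P<ip>\S+)$"
)
# Account names commonly shipped as factory defaults on IoT devices (assumed list).
DEFAULT_ACCOUNTS = {"root", "admin", "support", "user", "guest"}

def parse(log_text):
    """Yield (ts, ip, user, result) tuples, skipping lines that do not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ts"], m["ip"], m["user"], m["result"]

def find_default_credential_sweeps(log_text, min_failures=3, min_accounts=2):
    """Return {ip: summary} for sources that cycle through several default
    account names, the pattern a Mirai-style scanner leaves in a login log."""
    per_ip = defaultdict(lambda: {"failures": 0, "accounts": set(), "success": False})
    for _ts, ip, user, result in parse(log_text):
        if user not in DEFAULT_ACCOUNTS:
            continue  # ordinary named accounts are not part of a default-credential sweep
        rec = per_ip[ip]
        rec["accounts"].add(user)
        if result == "failed":
            rec["failures"] += 1
        else:
            rec["success"] = True  # a later success means the device likely used a default password
    return {
        ip: {"failures": r["failures"], "accounts": sorted(r["accounts"]), "compromised": r["success"]}
        for ip, r in per_ip.items()
        if r["failures"] >= min_failures and len(r["accounts"]) >= min_accounts
    }

if __name__ == "__main__":
    for ip, info in find_default_credential_sweeps(SAMPLE_LOG).items():
        print(ip, info)
```

A source flagged with `compromised: True` is a device that should be taken offline and have its default credentials changed before it is reconnected.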

Arguably the worst part of what transpired in October? Officials aren’t exactly sure why this all happened. That is to say, they haven’t determined the hackers’ motive. What were they looking for, and what were they trying to accomplish?

The IoT will continue to grow as more network-enabled devices enter the marketplace, and so will the threat of ever more sophisticated attacks. The Digital Attack Map is an interesting way to observe attacks in real time and to get a feel for how pervasive these attacks have become all around the globe. This map was put together by a partnership between Google Ideas and Arbor Networks in an effort to highlight the need for coordinated defensive measures by industry and government. The Mirai incident also highlights the need for more security professionals working toward building safeguards into the Internet, and for companies, both large and small, to take advanced steps to better protect themselves.

Future botnets, and attacks not yet imagined, will be an ever-present threat that a simple business firewall will not prevent on its own. The number of best practices out there for companies looking to protect themselves can be overwhelming.

It’s a good idea to start by reviewing and testing your company’s current disaster recovery program. However, be sure not to focus on technology alone; specific attention also needs to be paid to making sure the right people with the right skill sets are in the right places. Looking into managed service providers with options for disaster recovery as a service may be a good option for companies with small teams and limited budgets. There is no “one size fits all” solution, so look for flexible options that can be tailored to your specific business needs, and partners that have deep expertise in your industry.

We’ve previously written about the Three Core Essentials of IT Risk Management. This article dives into more detail on Infrastructure Management, Security, and Disaster Recovery. Take a look to make sure that you have the fundamental processes for maintaining your company’s security on lockdown.


Sources:

http://mashable.com/2016/10/25/dyn-investigation-ddos-attack/?utm_cid=hp-r-3#ywjGbR8kzqqa

https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mirai-botnet

http://www.zdnet.com/article/how-to-defend-against-the-internets-doomsday-of-ddos-attacks/?ftag=TREc64629f&bhid=24610997551674372985815076772389