A massive cyber-attack against US DNS service provider Dyn knocked out major websites across the Internet last Friday. The attack shut down several websites, including Netflix, Twitter, Amazon and The New York Times. The Internet service was disrupted for almost 11 hours, affecting more than one billion customers around the world.
Cyber crooks are always looking for ways to exploit the latest, most innovative technologies to carry out attacks like those we saw just a few hours ago. Are we in the Age of Internet Attacks? The latest PandaLabs Quarterly Report already warned of the huge number of large-scale distributed denial-of-service (DDoS) attacks that have been occurring over the last few months, and the way many of them are exploiting botnets made up of not only computers but also smart devices like IP cameras.
The recent DDoS attacks reflect the new approach taken by Black Hat hackers when it comes to launching new, more devastating campaigns that combine everyday devices and malware to form highly dangerous armies ready to launch DDoS attacks.
Probing Internet defenses
Just one month ago, security guru Bruce Schneier, published an article with the most revealing title: ‘Someone Is Learning How to Take Down the Internet.’
The recent examples of denial-of-service attacks flood servers with useless traffic that overburdens Internet bandwidth and prevents legitimate users from accessing targeted sites. Attacked servers become saturated with the huge number of requests.
The article explained that the best way to take down the Internet is through a DDoS attack like the one suffered by Dyn, and how some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks, in what seems to be an strategy to gather information and see how well these companies can defend themselves.
A few weeks ago, the website of Brian Krebs, a US journalist specialized in computer security issues, was taken offline as he fell victim to the largest DDoS attack to date. He was only able to go back online after Google came to the rescue.
This attack adds to the list of those suffered by a number of tech giants over the last few months, such as the hack of 500 million Yahoo accounts back in September, or the theft of 60 million Dropbox user IDs and 100 million LinkedIn passwords.
It is precisely the success of the Internet, with billions of connected devices worldwide, that makes it so appealing to criminals willing to exploit its vulnerabilities. Many of these devices lack basic security measures, making them easy prey for hackers and, in this context, any organization, media company or social networking service can become the victim of the next attack.