As you may be aware, several large and popular Internet sites were made very difficult to access a few days ago. This was due to two separate Distributed Denial of Service (DDoS) attacks. These were not attacks against the web sites themselves, but against a popular DNS provider, Dyn. The services themselves were still operational, but the lack of DNS services (Dyn) did not visitors to find the IP addresses for those web services.
While it’s early days, the initial reports suggest that the attack was hosted from a class of devices known as The Internet Of Things (IoT). Think about webcams, DVR’s, routers, fridges, televisions, home automation, security systems, light bulbs, and so forth. These are connected to the Internet, and are often directly accessible from the Internet, with little or no protection making them easy prey. In this instance it would appear they were infected with the Mirai malware that turned them in to a huge army ready and willing to do whatever the malware told them to. This time it was a Distributed Denial of Service (DDoS).
This attack servers as a timely reminder that even the most seemingly innocuous device can be used to cause harm or participate in attacks. Producers of these devices are being reminded that good security is not an optional extra. But it’s not just the producers, when we buy and install these devices we should always remember to do the basics :
- Protect them from unauthorized access by restricting who can get to them
- Stop them going out to untrusted web sites where they can pick up malware (televisions are a good example of this)
- Change the default passwords before they made generally accessible
- Apply any updates or patches the vendor provides
- Install antivirus if the device is capable or running it (for example, if the device is actually a full computer)We hope you continue to enjoy the rapidly increasing connectivity our everyday devices have, and do it safely to protect yourselves and the rest of the internet!