The day the world went dark

How would you approach a DDoS attack in your business?
By Andrew Potgieter, Security Solutions Director at Westcon-Comstor Southern Africa
On Friday 21 October 2016, the “Day the world went Dark”, the US-based managed DNS provider Dyn Inc. experienced what is arguably the largest distributed denial of service (DDoS) attack in history against its servers. At 4:22 PM EST the company was reported as saying “Looks like this is probably going to get worse before it gets any better” as it was hit with a third wave of attacks. Attack traffic arriving from tens of millions of IP addresses at the same time sparked what one could only describe as a global crisis of nuclear proportions.
The most crippling aspect of the attack, for which a group calling itself New World Hackers claimed responsibility, was how unprepared the companies downstream of Dyn were for the situation, which quickly escalated into a crisis for the many “born-in-the-cloud” businesses that are 100% reliant on their websites for their livelihood. Some of the best-known sites affected included Twitter, Spotify, PayPal, Amazon, Netflix, Tumblr, Etsy, Dropbox, Pinterest, Basecamp and Airbnb, with dozens more besides.

Behind the scenes of 21 October attack
But what sparked this situation-room, almost warlike response to the attacks, and how did the attack take shape?
DDoS attacks work by collectively targeting a website or host with so much traffic that the service can no longer cope and becomes unavailable, hence the term Distributed Denial of Service. In this instance the DDoS targeted the authoritative DNS (Domain Name System) servers that Dyn Inc. operates on behalf of its customers. DNS is, in short, the Internet’s ‘phone book’: when you type in a website address it has to be translated into the IP address of the server(s) hosting it. If the DNS provider that answers those lookups for your website is down, in this case Dyn, browsers can no longer find your site, and it is as good as down even though your own servers are running normally. Two details matter for planning. Resolvers keep cached answers until their time-to-live (TTL) expires, so the outage spreads gradually rather than instantly. And businesses that had delegated their domains to a second DNS provider alongside Dyn recovered far faster than those that relied on Dyn alone, because the other provider kept answering.
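To make the single-provider dependency concrete, here is an added example (not code from the original article, from Dyn or from any of the companies named) that reads the NS records of a zone in the text form printed by `dig +noall +answer NS example.com` and reports how many distinct provider domains the nameservers fall under. The sample records are constructed for the example: dynect.net is the domain Dyn’s managed DNS nameservers used, while example.com, the p04 labels and the second provider “secondary-dns.example” are illustrative.

```python
"""Flag zones whose entire DNS delegation sits with one provider.

Added example, not part of the original article. Parses dig-style NS answer
lines and groups the nameserver hosts by provider domain. A zone whose every
nameserver lives under a single provider domain has the same single point of
failure that Dyn's sole-provider customers had on 21 October 2016.
"""
from collections import defaultdict

# Constructed sample: a zone delegated only to Dyn. dynect.net is the real
# domain Dyn's nameservers used; example.com and the p04 labels are illustrative.
SINGLE_PROVIDER = """\
example.com.        172800  IN  NS  ns1.p04.dynect.net.
example.com.        172800  IN  NS  ns2.p04.dynect.net.
example.com.        172800  IN  NS  ns3.p04.dynect.net.
example.com.        172800  IN  NS  ns4.p04.dynect.net.
"""

# Constructed sample: the same zone after adding a second, hypothetical
# provider ("secondary-dns.example" is not a real operator).
DUAL_PROVIDER = """\
example.com.        172800  IN  NS  ns1.p04.dynect.net.
example.com.        172800  IN  NS  ns2.p04.dynect.net.
example.com.        172800  IN  NS  ns1.secondary-dns.example.
example.com.        172800  IN  NS  ns2.secondary-dns.example.
"""


def parse_ns_records(dig_output: str) -> list[str]:
    """Return NS target hostnames (lower-cased, no trailing dot) from dig answer lines.

    Each answer line is: owner TTL class type rdata. Blank lines, dig's ';'
    comment lines and records of any other type are ignored.
    """
    hosts = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN" or fields[3].upper() != "NS":
            continue
        hosts.append(fields[4].rstrip(".").lower())
    return hosts


def provider_domain(nameserver: str) -> str:
    """Approximate the operator as the last two labels of the NS hostname.

    Heuristic only: it does not consult the public suffix list, so a provider
    under a two-level suffix such as co.uk would be grouped too coarsely. It is
    enough to catch the common case of every nameserver under one vendor domain.
    """
    labels = nameserver.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def delegation_report(dig_output: str) -> dict:
    """Group nameservers by provider and flag single-provider or under-provisioned zones."""
    hosts = parse_ns_records(dig_output)
    by_provider = defaultdict(list)
    for host in hosts:
        by_provider[provider_domain(host)].append(host)
    return {
        "nameservers": hosts,
        "providers": dict(by_provider),
        "single_provider": len(by_provider) == 1,
        "too_few_nameservers": len(hosts) < 2,
    }


if __name__ == "__main__":
    for label, sample in (("Dyn only", SINGLE_PROVIDER), ("Dyn + second provider", DUAL_PROVIDER)):
        report = delegation_report(sample)
        verdict = "SINGLE POINT OF FAILURE" if report["single_provider"] else "ok"
        print(f"{label}: {len(report['nameservers'])} NS across "
              f"{len(report['providers'])} provider(s) -> {verdict}")
```

In practice you would pipe the real output of `dig +noall +answer NS yourdomain` into `delegation_report`; a `single_provider` result of True is the condition that turned the Dyn outage into a full outage for its sole-provider customers.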

How did they get in?
According to ComputerWorld, a Chinese electronics component manufacturer has admitted that some of its products inadvertently played a role in the cyber attack on Friday. The company sells DVRs and Internet-connected cameras, the kind of devices that make up the Internet of Things (IoT). These devices ship with weak, well-known default passwords and a remote login service reachable from the Internet; if the password is not changed, malware can simply log in and infect the device. Each infection puts the device under the attacker’s control and adds it to one large connected network, a botnet.

An IoT botnet
But they are not alone. With the number of IoT devices growing and end users’ lackadaisical approach to changing the passwords on these devices, it was very easy for the attackers to use the IoT malware Mirai (whose source code had been publicly released online a few weeks earlier) to take hold of hundreds of thousands of devices and, in effect, bring the Internet to its knees.
By enslaving IoT devices, which could be the CCTV camera in your home or office, a web camera, a home automation system or, in principle, any other device connected to the Internet with a default password, Mirai’s massive connected network bombarded the targets in question with traffic. It is estimated that there are over 500,000 (known) Mirai-infected devices in the market as we speak.
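An infected device does not only attack; it also scans the Internet for its next victims, and that scanning is what a network team is most likely to see. The following is an added example, not code from the original article or from the Mirai authors, that flags Mirai-style scanning in flow records. It relies on a quirk of Mirai’s publicly released scanner: it sends raw TCP SYNs to port 23 (and roughly one in ten to port 2323) with the TCP sequence number set to the destination IPv4 address, a fingerprint researchers later used to attribute scans to Mirai. The flow lines and all addresses are constructed for the example, and the record format is an assumption, not a real collector’s output.

```python
"""Detect Mirai-style telnet scanning from a SYN log.

Added example, not part of the original article. Mirai's published scanner
sets tcp.seq to the destination IPv4 address on its SYNs to ports 23/2323;
a source producing several such SYNs is very likely an infected device.
"""
import ipaddress
from collections import Counter

TELNET_PORTS = {23, 2323}  # the ports Mirai's scanner probes


def ip_to_int(addr: str) -> int:
    """32-bit integer form of an IPv4 address, the value Mirai copies into tcp.seq."""
    return int(ipaddress.IPv4Address(addr))


def is_mirai_syn(dst_ip: str, dport: int, seq: int) -> bool:
    """True when a SYN carries the Mirai fingerprint: telnet port and seq == destination address."""
    return dport in TELNET_PORTS and seq == ip_to_int(dst_ip)


def parse_flow(line: str) -> dict:
    """Parse one constructed flow line: '<src_ip> <dst_ip> <dport> <tcp_flags> <seq>'."""
    src, dst, dport, flags, seq = line.split()
    return {"src": src, "dst": dst, "dport": int(dport), "flags": flags, "seq": int(seq)}


def find_mirai_scanners(lines, min_hits: int = 3) -> dict[str, int]:
    """Count fingerprinted bare SYNs per source; return sources reaching min_hits.

    min_hits guards against a single coincidental sequence-number match.
    """
    hits = Counter()
    for line in lines:
        flow = parse_flow(line)
        if flow["flags"] != "S":  # only bare SYNs; the raw scanner never completes a handshake
            continue
        if is_mirai_syn(flow["dst"], flow["dport"], flow["seq"]):
            hits[flow["src"]] += 1
    return {src: n for src, n in hits.items() if n >= min_hits}


def build_sample() -> list[str]:
    """Constructed sample traffic (not a real capture) mixing Mirai scans with benign flows."""
    infected = "198.51.100.23"  # hypothetical infected DVR
    targets = ["203.0.113.7", "203.0.113.8", "203.0.113.200", "192.0.2.44"]
    # Three fingerprinted SYNs to port 23 and one to port 2323 from the infected host.
    lines = [f"{infected} {t} 23 S {ip_to_int(t)}" for t in targets[:3]]
    lines.append(f"{infected} {targets[3]} 2323 S {ip_to_int(targets[3])}")
    # Benign telnet from an admin workstation: a random initial sequence number.
    lines.append("192.0.2.10 203.0.113.7 23 S 1839474113")
    # Coincidental seq match on a non-telnet port: not the fingerprint.
    lines.append(f"192.0.2.11 203.0.113.8 22 S {ip_to_int('203.0.113.8')}")
    # A SYN-ACK back to the scanner is ignored because it is not a bare SYN.
    lines.append(f"203.0.113.7 {infected} 40000 SA 77")
    return lines


if __name__ == "__main__":
    for src, count in find_mirai_scanners(build_sample()).items():
        print(f"{src}: {count} Mirai-fingerprinted telnet SYNs -> likely infected device")
```

Run against your own egress flow logs, a hit means one of your own cameras or DVRs is already part of the botnet, which is exactly the situation the article warns South African device owners about.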

Why is this terrifying?
Let’s argue for a minute that this attack hasn’t woken people up to the threat of weak default passwords, and consider that with an anticipated 25 billion connected IoT devices in the world by 2020 (the figure varies depending on the source), the global consequences of an attack of this nature could justifiably be viewed as of ‘nuclear proportions’.
The message from the hacktivists who claimed this particular DDoS attack doesn’t seem to be one of malice; instead they are urging the company to put better security and redundant servers in place, or they will bring the Internet down.

So what can you do?
Update all your passwords and, in particular, change the default credentials on the devices you have installed on the periphery, such as CCTV cameras, home automation systems, smart TVs and the like; where the device allows it, also switch off remote Telnet or web administration from the Internet and install the latest firmware. While the US might be more IoT-savvy than South Africa at this stage, the evidence from this attack is that it was conducted globally from multiple geographies, with new waves coming from new areas throughout the attack, so CCTV cameras in SA might well have been used to generate attack traffic in this particular event.

Is your business ready for DDoS?
One thing is clear: even with all the security you can buy in place, companies must adopt a risk-ready approach. A DDoS attack may be a manageable risk for one business and a full-blown crisis for another.
Three things you need to ask of your business today are:
* Firstly, what is the potential severity of a DDoS attack on your business, based on how important being online is to it?
* Secondly, identify ways to mitigate the risk. That means talking to your service providers and security vendors to ensure you have a plan to manage it, and for DNS in particular it means asking whether your domain depends on a single provider.
* Lastly, develop a crisis preparedness programme. Fixing the problem isn’t enough if it has had a negative impact on your clients; you will need to communicate with them, so have those answers ready.
Once you have answers to these questions you need to take a closer look at the overall IT security of your business. Securing the perimeter is no longer enough; security needs to be the glue that holds everything together. It must be everywhere, from the device to the server, to the cloud and through all endpoints, right back through to all of your service providers.
Naturally some of these attacks are inevitable, so it’s critical to establish a plan for dealing with them, which again requires your business to develop crisis communication strategies for IT security breaches today. If Friday has alerted us to anything, it is that you need to be asking yourself “what if it happens to me?”
As a consumer, perhaps it’s time to reflect on how one will survive when the IoT is so pervasive that we can’t function in society without access to the Internet, as our banks, petrol stations, electricity and everyday appliances are all connected. Perhaps then governments will have Internet-based situation rooms and these attacks will be treated with the same severity as a nuclear strike.

Who the attack hit
According to Gizmodo.com’s readers, these are the sites they had trouble accessing on Friday 21 October 2016. The list is by no means complete; other sources have cited other sites too:
ActBlue
Basecamp
Big cartel
Box
Business Insider
CNN
Cleveland.com
Etsy
Github
Grubhub
Guardian.co.uk
HBO Now
Iheart.com (iHeartRadio)
Imgur
Intercom
Okta
PayPal
People.com
Pinterest
Playstation Network
Recode
Reddit
Seamless
Spotify
Squarespace Customer Sites
Starbucks rewards/gift cards
Storify.com
The Verge
Twilio
Twitter
Urbandictionary.com (lol)
Weebly
Wired.com
Wix Customer Sites
Yammer
Yelp
Zendesk.com
Zoho CRM
Credit Karma
Eventbrite
Netflix
NHL.com
Fox News
Disqus
Shopify
Soundcloud
Atom.io
Ancestry.com
ConstantContact
Indeed.com
New York Times
Weather.com
WSJ.com
time.com
xbox.com
dailynews.com
Wikia
donorschoose.org
Wufoo.com
Genonebiology.com
BBC
Elder Scrolls Online
Eve Online
PagerDuty
Kayak
youneedabudget.com
Speed Test
Freshbooks
Braintree
Blue Host
Qualtrics
SBNation
Salsify.com
Zillow.com
nimbleschedule.com
Vox.com
Livestream.com
IndieGoGo
Fortune
CNBC.com
FT.com
Survey Monkey
Paragon Game
Runescape
