Most likely you were affected by last Friday’s DDoS attack. Everyone awoke and found many popular Internet sites slow or unresponsive. This was due to a multi-pronged attack against Domain Name System (DNS) provider DynDNS and Amazon Web Services. Affected sites included Twitter, Spotify, Soundcloud, and many others.
Without getting into too much technical detail, a DDoS attack utilizes thousands of compromised systems to flood a service – in this case Dyn and AWS – with so much traffic that its servers are overwhelmed trying to respond to it. It took Amazon and Dyn a couple of hours to restore normal operations.
The exact cause and ultimate size of Friday’s attack haven’t been pinpointed yet, but other recent attacks were conducted by compromised Internet-of-Things (IoT) devices – think toasters and refrigerators with built-in connectivity. I’ve been amused by the predictions of how IoT will take over the world without any problems when, as yet, we can’t even effectively manage security on the much smaller number of devices we already use. IoT devices use very simple embedded operating systems – most with minimal security – and many with undocumented embedded backdoor access mechanisms from their manufacturers.
So what can be learned? A couple of things.
First, a reminder. If you are 100% reliant on Cloud services, you have to be prepared for downtime and have a plan for how you’ll respond.
Second, be very careful with IoT devices on your business network. Heck, be careful with them on your home network. Most offer no option to monitor or manage what they are doing or what information they are collecting. If you have IoT devices that you want to leverage at your business, plan to deploy them securely on an isolated network.
Finally, consider updating your employee policies to cover bringing these devices into your organization. This is similar to employees bringing in their own wireless notebooks/tablets/etc., but now there can be many more varieties of devices.