Considerations about the October 2016 Cyberattack

Last Friday, services such as Twitter, Spotify, PayPal and popular American newspapers were down for a few hours. The reason: a DDoS (distributed denial of service) attack. Let’s examine the major implications of this attack.

A denial of service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users, temporarily or indefinitely interrupting or suspending the services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

In the basic case of a Distributed Denial of Service, the perpetrator uses more than one, often thousands of, unique IP addresses, which increases the scale of the attack exponentially.

According to Dyn, a Domain Name System (DNS) provider, the attack began at 7:00 a.m. (Eastern Time) and was resolved two hours later. A second and a third attack followed during the following hours.

These attacks hit well-known, popular websites that are used to receiving hundreds of requests per minute. So, how could it happen?

According to the paper “Cisco VNI Forecast and Methodology, 2015-2020”, 16,300 million devices (including computers, laptops, smartphones, tablets and IoT devices) are connected to the Internet, and it is forecast that there will be more than 26,000 million in 2020.

We are used to protecting (or at least trying to protect) our computers and laptops through antivirus software, firewalls, firmware updates, etc. But what about IoT devices? Are we ready, and aware enough, to protect or update a fridge or a kettle? We know two things about the attack: first, it was probably the highly vulnerable devices made by the Chinese company XiongMai Technologies, sold throughout the world, that were used to carry out the DDoS; and second, the malware used to coordinate these devices was Mirai, a malware that primarily targets online consumer devices such as remote cameras and home routers, that is, IoT devices.

To make things even more striking, the source code for Mirai was recently published on hacker forums, effectively as open source. Since the code is now public, its techniques can be adapted in other malware projects.

These IoT devices (around 5,000 million) are often of unknown origin, with factory defects, misconfigurations and no update mechanism, which leaves them totally vulnerable: they are computer "junk". Once connected to the network, they become the perfect target to be infected and controlled remotely via a C&C (Command and Control) server, becoming part of a botnet that runs automated, coordinated, repetitive and "distributed" attacks from around the world against a target. These nodes (possibly thousands of them) send requests alongside the people who legitimately access the service, and the enormous resources they consume are what produce the denial of service.
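The distinction between a flood from one source and a botnet flood spread over many addresses, as described above and in the definition of DDoS earlier, is visible in plain web-server access logs. The following is an added example, not code from the original post: it parses constructed log lines (the IP addresses, timestamps and thresholds are illustrative assumptions) and flags each minute that exceeds a request rate, labelling it a single-source or distributed flood by how many distinct addresses took part.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of access-log lines (not real traffic): minute 07:00 is
# normal, 07:01 is a flood from one address, 07:02 a flood spread over many
# addresses, as a botnet would produce.
SAMPLE_LOG = "\n".join(
    [f'10.0.0.{i} - - [21/Oct/2016:07:00:{i:02d} -0400] "GET / HTTP/1.1" 200 512'
     for i in range(5)]
    + [f'203.0.113.9 - - [21/Oct/2016:07:01:{i % 60:02d} -0400] "GET / HTTP/1.1" 503 0'
       for i in range(120)]
    + [f'198.51.100.{i % 250} - - [21/Oct/2016:07:02:{i % 60:02d} -0400] "GET / HTTP/1.1" 503 0'
       for i in range(150)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse_line(line):
    """Return (client_ip, minute_bucket) for one line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts.replace(second=0)

def detect_floods(log_text, rate_threshold=100, distinct_threshold=20):
    """Flag minutes above rate_threshold requests; a flood spread over at least
    distinct_threshold source addresses is labelled 'ddos', otherwise 'dos'.
    (Thresholds are illustrative assumptions, not tuned values.)"""
    requests = defaultdict(int)
    sources = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of crashing on them
        ip, minute = parsed
        requests[minute] += 1
        sources[minute].add(ip)
    alerts = []
    for minute in sorted(requests):
        n, uniq = requests[minute], len(sources[minute])
        if n < rate_threshold:
            continue
        kind = "ddos" if uniq >= distinct_threshold else "dos"
        alerts.append({"minute": minute.strftime("%H:%M"), "requests": n,
                       "unique_ips": uniq, "kind": kind})
    return alerts
```

On the sample above, `detect_floods(SAMPLE_LOG)` returns one `dos` alert for 07:01 and one `ddos` alert for 07:02; the normal minute is not reported.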

Are we prepared to live in a world where any connected device is exposed to cyberattacks?