Last Friday, October 22, the information superhighway hit a few potholes by way of a DDoS attack. Some of you might be thinking “DOS,” or “Disk Operating System,” but this is a Denial of Service attack. Officially, it is a DDoS attack – just put the word “distributed” in front of the acronym. Some of our clients were impacted by this, but mostly because they could not reliably access certain websites. This only appeared to affect the United States. This maneuver was pretty well thought out. For years there have been reports that malware and viruses can infect a phone or any other internet-connected device, but if you don’t see a virus warning, then how do you know that there is a problem? If you don’t have an antivirus application looking for viruses, then you probably would not know. Can you even install antivirus on a network-connected printer? Despite best efforts, some malicious programs evade those defenses anyway because they don’t carry the signatures that antivirus software or firewalls are programmed to look for.
So what really happened last week? Gizmodo.com reported “today a massive DDoS attack took out a major piece of the internet infrastructure.” That paints the picture of crews of workers gathering smoking piles of internet and hauling it away in dump trucks while other crews install new pieces of internet.
First, it helps to have an understanding of how the internet works. It’s basically a bunch of wires that connect devices together. I describe it as a highway and road system. You leave your house and drive onto your street. You see road signs that tell how to get to other places. You encounter stop signs, traffic lights and eventually take the on ramp to an interstate highway. You drive for a while and take an off ramp and experience the same types of signs and traffic controls until you reach your destination. Going to a website is similar. You type a website name in an internet browser and hit enter. Your computer sends the request out your virtual driveway (your local network) and onto a local street (your ISP’s network) looking for directions. A virtual road sign is a DNS server which takes the website name and translates it to an IP address. The request then heads to the on-ramp to the internet and it finds your destination through a series of traffic lights, or routers.
A DDoS attack can happen several ways. One way is to overload a DNS server with junk requests so it can’t process legitimate requests. You would be unable to resolve the website name to an IP address: you are stuck at a road sign that has the information you need, but it is covered up with a blanket and you can’t see the directions. This is mostly what occurred last week. Other DDoS attacks are directed at certain websites; your request is processed and you get to the destination, but you find a full parking lot. Remember, it is a denial of service, not a hacking or illegal retrieval of information inside a corporate network. It is deliberate and not something that can happen by accident. They are just locking the door at your destination, or they are taking the road signs down so you can’t find your way there.
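To make the “junk requests” idea concrete from the defender’s side, here is a small added example (not code from the original post or from any DNS vendor) of the kind of per-client rate limiting a DNS operator can apply. Each client address gets a token bucket; queries that arrive faster than the bucket refills are dropped rather than answered, so one flooding client cannot consume the server’s capacity for everyone else. The log lines, client addresses (documentation ranges), query rate and burst size are all constructed for illustration.

```python
"""Per-client token-bucket rate limiting replayed over a constructed DNS query log.

Added example, not part of the original post. Demonstrates one mitigation for the
"overload a DNS server with junk requests" scenario: clients that exceed their
budget are dropped, while well-behaved clients keep getting answers.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample query log (not real traffic): "<seconds> <client_ip> <qname>".
# 203.0.113.9 fires ten queries within a tenth of a second; the other two clients
# behave normally. All addresses are from RFC 5737 documentation ranges or RFC 1918.
SAMPLE_LOG: List[str] = [
    "0.00 10.0.0.5 shop.example.com",
    "0.10 203.0.113.9 a0.example.com",
    "0.11 203.0.113.9 a1.example.com",
    "0.12 203.0.113.9 a2.example.com",
    "0.13 203.0.113.9 a3.example.com",
    "0.14 203.0.113.9 a4.example.com",
    "0.15 192.0.2.20 mail.example.com",
    "0.15 203.0.113.9 a5.example.com",
    "0.16 203.0.113.9 a6.example.com",
    "0.17 203.0.113.9 a7.example.com",
    "0.18 203.0.113.9 a8.example.com",
    "0.19 203.0.113.9 a9.example.com",
    "0.50 10.0.0.5 shop.example.com",
    "1.00 10.0.0.5 cdn.example.com",
]


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `burst` stored."""

    def __init__(self, rate: float, burst: float, now: float) -> None:
        self.rate = rate
        self.burst = burst
        self.tokens = burst  # a newly seen client starts with a full bucket
        self.last = now

    def allow(self, now: float) -> bool:
        # Refill for the time elapsed since the previous query, capped at `burst`.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def rate_limit(
    log_lines: List[str], rate: float = 2.0, burst: float = 3.0
) -> Dict[str, Tuple[int, int]]:
    """Replay a query log through one bucket per client address.

    Returns {client_ip: (answered, dropped)}. With the defaults (2 queries/second,
    burst of 3), the flooding client gets its first three queries answered and the
    remaining seven dropped, while the two normal clients lose nothing.
    """
    buckets: Dict[str, TokenBucket] = {}
    answered: Dict[str, int] = defaultdict(int)
    dropped: Dict[str, int] = defaultdict(int)
    # Sort by timestamp (stable, so same-time lines keep their log order).
    for line in sorted(log_lines, key=lambda entry: float(entry.split()[0])):
        ts_str, client, _qname = line.split()
        ts = float(ts_str)
        bucket = buckets.get(client)
        if bucket is None:
            bucket = buckets[client] = TokenBucket(rate, burst, ts)
        if bucket.allow(ts):
            answered[client] += 1
        else:
            dropped[client] += 1
    return {ip: (answered[ip], dropped[ip]) for ip in buckets}


if __name__ == "__main__":
    for ip, (ok, drop) in rate_limit(SAMPLE_LOG).items():
        print(f"{ip:>14}: answered={ok} dropped={drop}")
```

Two caveats a practitioner should keep in mind. First, real resolvers do more than this toy: BIND’s Response Rate Limiting, for example, limits responses rather than queries and can send a truncated answer so that a legitimate client retries over TCP instead of being dropped outright. Second, per-source limiting only helps when the flood comes from a few addresses. The attack the post describes came from a very large number of real devices, each of which can stay under any sensible per-client budget, which is exactly why the “distributed” in DDoS makes it so hard to absorb at the server alone.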
What was slightly different about this attack is that it utilized internet connected or WIFI enabled items in your home or business. Over the last few months, some malware was released onto the internet and it installed itself on many of these devices. It could have been your smartphone or it could have been your thermostat or your refrigerator if it is internet connected. At least one company found it on their internet-connected surveillance cameras and issued a recall. On Friday, all of those devices were summoned to send continuous information packets to certain sites to overload them. You could have been an accessory to a crime that you never knew you committed. And, yes, your IP and MAC addresses are in a logfile somewhere now but we all know you didn’t mean to.
If the word “cloud” hasn’t entered your mind yet, it should have. The cloud is that bunch of wires I talked about earlier, but it’s really the devices rather than the wires. If your critical apps are in the cloud and this DDoS attack affected any datacenters where your data was housed, you may as well have gone home last Friday. This happened to some companies last week. Many companies have rushed to move their critical data out of their own control to somewhere on the internet, and most feel relieved that they don’t need to know where their data really is and are no longer responsible for its integrity or for backing it up. So what if this happens again, and this time the road signs are covered where there used to be directions to your critical data? What if the next attack lasts several days? You guessed it – it’s under construction. Some industry leaders in DNS security are still reviewing this internally, which is not comforting.
I believe that these outages will continue to happen, so what is the best way to guard against them? There isn’t a great answer to that, because you basically use the internet at your own risk. As for the internet-connected devices that assisted in this outage, many were not configured properly by their owners. If you have ever connected something to your WIFI out of the box and did not change the password, then it may have been part of the problem. It goes back to security and best practices. Use a secure password, never use a default password and change it often. Update firmware or patches on your computers, servers and devices. When in doubt, leverage your trusted IT partner to help with those tasks, and always ask our advice on initiatives such as moving to the cloud.