What happened to Amazon, Netflix, Twitter and all those other websites? How did it happen and will it happen again?
The outages that happened on October 21st are the result of a distributed denial of service (DDoS) attack on Dyn, a major DNS host based in New Hampshire. Twitter, Amazon, and Netflix weren’t the only websites affected. Spotify, GitHub, SoundCloud, Heroku, Time Inc., and others were affected. Users got an error message like the one below. The attacks continued throughout the day.
HOW IT HAPPENED
Hackers used publicly available source code to assemble a botnet army of internet-enabled devices. Then they directed those devices to send massive waves of junk requests to the DNS provider, New Hampshire-based Dyn. The attack meant the provider couldn’t carry out its job of being a switchboard for the Internet, and consumers could no longer reach popular websites.
In an interview with CNBC, Dyn said that the attacks were “well planned and executed, coming from tens of millions of IP addresses at the same time.”
An army composed of IoT-connected printers, cameras, routers, and fax machines was assembled for the attack by malware called Mirai. It scans the Internet looking for devices that use a factory default password supplied by the maker of the device. When it finds them, the devices become part of the botnet army. The source code for the Mirai malware was released to the public in early October.
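Because an infected device scans for other devices, that scanning shows up in the owner's own network logs. The following is an added example, not part of the original article: it flags internal hosts that contact many different addresses on the Telnet ports this malware is known to probe (23 and 2323, a detail the article does not state). The log format, addresses, window and threshold are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Telnet ports probed by this malware's scanner (known behaviour, not from the article).
SCAN_PORTS = {23, 2323}

def constructed_sample():
    """Constructed flow records: 'timestamp src_ip dst_ip dst_port'."""
    base = datetime(2016, 10, 21, 11, 0, 0)
    lines = []
    # A camera probes 40 different addresses in 40 seconds: scan-like.
    for i in range(40):
        ts = (base + timedelta(seconds=i)).isoformat()
        port = 23 if i % 10 else 2323
        lines.append(f"{ts} 192.168.1.50 198.51.100.{i + 1} {port}")
    # An admin laptop opens a few Telnet sessions to one switch: not a scan.
    for i in range(5):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} 192.168.1.10 192.168.1.1 23")
    # Ordinary web traffic is ignored by the detector.
    lines.append(f"{base.isoformat()} 192.168.1.20 203.0.113.80 443")
    return lines

def find_scanners(lines, window=timedelta(seconds=60), threshold=20):
    """Return {src_ip: most distinct Telnet destinations seen in any window}
    for every source that reaches the threshold."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        if int(port) in SCAN_PORTS:
            events[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start, best = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in evs[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for host, count in find_scanners(constructed_sample()).items():
        print(f"{host} contacted {count} distinct hosts on Telnet ports")
```

A device flagged this way should be taken off the network and checked before it is reconnected.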
WILL IT HAPPEN AGAIN?
Yes, it can and probably will happen again. The majority of the IoT devices used in the attack are still connected to the Internet and can be used again. Most people or companies don’t know that their device is part of the attack. A group calling themselves New World Hackers claimed responsibility for the attack and they promise there are more attacks to come.
While the attack on October 21st was the largest ever, there are others that weren’t so widespread but are possibly more dangerous. The US National Republican Senatorial Committee was one of about 5,900 e-commerce platforms that were recently compromised by malicious skimming software; the NRSC site was infected by malware from March 16 to October 5. That software sent donors’ credit card data to attacker-controlled domains in Belize.
The October DDoS attack on Dyn seems to have made people more aware of the danger of hackers than the attack on Yahoo that compromised up to 5 million users. And there are other big holes in the IoT.
According to radio station WTMJ, a cyber attack on the US power grid could happen. It has never happened in the US, but in 2015, part of the power grid in Ukraine was hacked and knocked offline.
To keep credit card data safe, Samsung Pay, which comes with many Samsung phones, changes the data into tokens to spend. The problem is that a flaw in the program allows scammers to spend your tokens.
Peripherals connected to your system might let hackers into your system.
“Wireless mice and keyboards are the most common accessories for PCs today, and we have found a way to take over billions of them.” – Mark Newland
If you have a mouse or keyboard that is not Bluetooth, it is vulnerable. Contact the manufacturer to find out if there is a patch for the security flaw. If not, replace your mouse and/or keyboard.
DVRs could let hackers into your system. Smart door locks, padlocks, thermostats, refrigerators, wheelchairs and even solar panel arrays were among the IoT devices hacked in a contest held at Def Con. In total 47 new vulnerabilities were found.
TechRepublic is reporting that apps that let users verify credentials with Facebook or Google logins have a big problem: over 41% of apps using OAuth 2.0 aren’t actually validating user info, allowing account hijacks.
There are basic things you can do to help keep your system safe.
- Be cautious when connecting to public Wi-Fi networks, or better yet don’t use them.
- Use security SDKs to encrypt your data. While they might not stop hackers, every layer of security helps slow them down.
- If you are using the password and user ID that came with your peripheral, change it using these steps:
  - Log off; this clears bots from your network.
  - Log back on, then immediately change your password.
- Use strong passwords, change them often, and don’t use the same password for different websites.
- Give employees access to the apps they need, not to the entire system.
- Update your system when security updates are available.
Check out this list of the top ten insecure software/firmware.
Companies that make IoT-ready peripherals are beginning to change their products and/or are offering patches. In July, Microsoft issued a patch for a flaw in the printer spooler in every version. The flaw could allow an attacker to install malware remotely on a machine to view, modify or delete data, or create new accounts with full user rights. Some manufacturers now require you to create your own username and password before you can connect to the Internet.
There is no way to guarantee you won’t be hacked. You must be vigilant and keep up with security updates and the latest SIEM tools. If you find you were hacked, change your password and scan your system for malware. Check to see if your account details are still the same, addresses etc. If your email was hacked, check your sent mail for emails you didn’t send or changes made to your account. Let everyone on your email list know about the hack and of course report it to your IT department. Do your best to be safe and secure. Right now, that is all you can do.