The attack

On Friday October 21st, as people tried to watch Netflix or listen to Spotify they both suddenly stopped working. This “internet doomsday” happened because of a distributed denial of service (DDOS) attack on Dyn.

Dyn is a huge DNS company that provides IP addresses to URLs, disrupting numerous websites like Netflix, Spotify, and Amazon. A DDOS attacks attempt to inundate the internet with traffic caused by a special malware called a botnet.

Dyn actually blamed the internet of things (IoT) such as DVRs and security cameras as a source of the attack. This probably is an iconic event to tech nerds and binge watchers alike. This huge attack affected numerous popular websites. Even though Netflix was making you rip your hair out, we need to be more aware of how insecure our items really are.

How to be more secure

According to PC Mag, the big DDOS attacks should be a wakeup call for companies and users to secure their IoT devices better. The giant chain of internet connected devices is just a pathway for attackers to access data in order to reach their targets. All these attacks on these devices are things people don’t think about, but there are ways we could avoid this! Securing your devices and connectivity delivery are important to protecting your devices.

Several ways you can reduce this risk include:

  1. Create unique passwords
  2. Run numerous monitoring functions that look for potentially malicious communication from unknown IP addresses. This helps prevent a bot from repeatedly trying to guess your username and password.
  3. If you run your own server, make sure it’s secure and you can maintain it. Cisco suggests strategies like buying excess bandwidth or redundant networks to withstand DDOS attacks. The botnet scans for devices with default username and password credentials.

Learning all about DDOS

DDOS attacks come from a variety of things, including how IoT devices are authenticated, how data is protected, and how the IoT affects other systems. This botnet goes through the web for IoT devices that are secured by default usernames and passwords. It then uses these devices to attack online targets. If I never learned this in IST 233, I would’ve probably just kept on refreshing Netflix throughout the day hoping for the best. Or had given up, like what my non-IT friends would’ve done. Today, we should be aware that these kind of problems could happen at any time.

But the responsibility to protect IoT devices can’t fall solely on the consumer. Professor Dave Molta believes that a huge problem with these IoT devices is manufacturing quality control. Vendors should be creating products that aren’t vulnerable to these security issues. Established devices are produced in larger volumes, so it’s more likely that security vulnerabilities will be detected. Devices created by unknown vendors have higher vulnerability. One way consumers can protect themselves is to use established products rather than one-off technology.

Don’t be afraid!

Ironically, the DDOS attack happened during Cyber Security Awareness Month. It’s important to understand circumstances that lie under securing your home devices or purchasing them from the right kind of manufacturers. If you want to learn a lot more about this you could start by taking the IST 233 class or attend the Information Security Club meetings.