Mirai Breaks the Internet: The Botnet of Things


Afritechnet readers have received ample warning as to the potential dangers of the Mirai malware and 'The Botnet of Things'. Mirai is only one form of malware known to exploit the security holes found in CCTV cameras, DVRs and other devices connected to the broader internet.
 
In a short space of time one of the most respected cyber-security bloggers has been subjected to a major DDoS attack:
https://afritechnet.blogspot.cm/2016/09/spam-nation-author-hit-by-biggest-ever.html

Likewise a major web-hosting company:
https://afritechnet.blogspot.com/2016/09/web-hosting-firm-suffers-record-1tbps.html


And now DynDNS, a noted DNS registrar, has joined the list of the unfortunates to have been victimized by the Mirai malware. Mirai infects systems via default usernames and passwords on IoT devices. Most IoT malware targets web servers, routers, modems, NAS devices, CCTV and industrial control systems.

A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
https://afritechnet.blogspot.com/2015/06/what-is-ddos.html

Botnets can generate huge floods of traffic to overwhelm a target. These floods can be generated in multiple ways, such as sending more connection requests than a server can handle, or having computers send the victim huge amounts of random data to use up the target’s bandwidth. Over a million devices with unique IP addresses caused DynDNS’s operations to stall as a result of the overwhelming traffic.
https://intel.malwaretech.com/botnet/mirai/?h=2
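The two flood shapes described above leave different traces in a server's logs: a single client sending more connection requests than the server can handle shows up as one noisy source, while a botnet of a million unique addresses may never trip a per-source threshold at all and is only visible in the aggregate rate and the count of distinct sources. The following added example (not code from the original post or from Dyn) runs both checks over constructed BIND-style query log lines; the log format, the thresholds and all addresses are assumptions of this example.

```python
"""Per-source versus aggregate detection over a DNS query log.

Added example; the log lines are constructed and the line format is an
assumption of this example (BIND-style 'client A.B.C.D#port: query: ...').
"""
from collections import Counter, defaultdict
import re

# Constructed log format, e.g.:
# "21-Oct-2016 11:10:03.001 client 203.0.113.7#53412: query: example.com IN A"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \d{2}:\d{2}:\d{2})\.\d+ client (?P<src>[\d.]+)#\d+: "
    r"query: (?P<name>\S+) IN (?P<type>\S+)"
)


def parse(lines):
    """Turn raw log lines into (second, source IP, name, type) tuples."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append((m["ts"], m["src"], m["name"], m["type"]))
    return events


def noisy_sources(events, per_source_limit):
    """Sources that sent more than per_source_limit queries in the sample.
    This catches one abusive client but says nothing about a distributed flood."""
    counts = Counter(src for _, src, _, _ in events)
    return {src: n for src, n in counts.items() if n > per_source_limit}


def flood_seconds(events, baseline_qps, multiplier=10, min_sources=50):
    """Seconds in which the aggregate rate exceeds multiplier x baseline_qps
    and the traffic comes from many distinct sources: the botnet signature."""
    per_sec = defaultdict(list)
    for ts, src, _, _ in events:
        per_sec[ts].append(src)
    flagged = {}
    for ts, srcs in sorted(per_sec.items()):
        qps, distinct = len(srcs), len(set(srcs))
        if qps > multiplier * baseline_qps and distinct >= min_sources:
            flagged[ts] = (qps, distinct)
    return flagged


def make_sample():
    """Constructed log: two seconds of normal traffic (5 qps from five
    clients), then one second in which 400 distinct documentation-range
    addresses each send a single query, so no per-source limit is crossed."""
    lines = []
    normal = ["198.51.100.%d" % i for i in range(1, 6)]
    for sec in (1, 2):
        for src in normal:
            lines.append("21-Oct-2016 11:10:0%d.000 client %s#5000: query: example.com IN A"
                         % (sec, src))
    for i in range(400):
        src = ("192.0.2.%d" if i < 200 else "203.0.113.%d") % ((i % 200) + 1)
        lines.append("21-Oct-2016 11:10:03.%03d client %s#4000: query: example.com IN A"
                     % (i, src))
    return lines


if __name__ == "__main__":
    evs = parse(make_sample())
    print("per-source offenders:", noisy_sources(evs, per_source_limit=10))
    print("flood seconds:", flood_seconds(evs, baseline_qps=5))
```

On the constructed sample the per-source check returns nothing, while the aggregate check flags the third second with 400 queries from 400 distinct addresses; a real deployment would derive `baseline_qps` from a rolling window rather than a constant, and would still need upstream capacity or scrubbing once a flood is detected, since detection alone does not absorb the traffic.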

DynDNS is a cloud-based domain name system registrar company that provides “unrivalled visibility and control into cloud and public Internet resources”. Domain Name System (DNS) translates Internet domain and host names to IP addresses and vice versa. DNS automatically converts between the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites.
https://www.lifewire.com/definition-of-domain-name-system-816295

In their own words, DynDNS promise that “traffic gets delivered faster, safer, and more reliably than ever”.
 

Sadly, the events of this past week exposed those claims to be false:
“On Friday October 21, 2016 at approximately 11:10 UTC, Dyn came under attack by a large Distributed Denial of Service (DDoS) attack against our Managed DNS infrastructure in the US-East region. Customers affected may have seen regional resolution failures in US-East and intermittent spikes in latency globally. Dyn’s engineers were able to successfully mitigate the attack at approximately 13:20 UTC, the attack lasted until approximately 17:45 UTC.”
https://www.dynstatus.com/

The issue kept users on the American east coast from accessing Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, PayPal and other sites. An entire region being prevented from accessing vital online services that are so important to our collective socioeconomic welfare suggests a dim future for legitimate internet users but a bright one for those seeking to cause mayhem and profit as a result of the glaring security oversights.

The US Department of Homeland Security (DHS) and the FBI are both investigating the massive DDoS attacks hitting DynDNS; so far no announcement has been made as to potential culprits. The DHS had previously released a warning after the release of the Mirai source code into the wild.
http://www.reuters.com/article/us-usa-cyber-idUSKCN12L1ME

IoT botnets will become more prevalent, not only because of growth in the number of IoT devices but also because traditional desktop DDoS protection has become more effective. The cost of running desktop-based botnets has risen as the price of effective anti-DDoS services has dropped. Meanwhile the cost of maintaining an IoT botnet is still very low.
https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html

Despite the superior desktop protection, IoT devices have created a new, less secure avenue for hackers to exploit. IoT botnets combine the scale of the Internet of Things with the current state of insecurity in which most IoT devices operate to create online carnage. DynDNS and their customers are only the latest victims; in the future we will witness even bigger, more devastating attacks.

Botnets have expanded in size as a result of the IoT and are likely to grow in capacity as the number of unsecured internet-connected devices increases. Estimates put the number of IoT devices at 21 million by the year 2020. It is likely that they will be plagued by the same inadequate security issues then as now.

Hackers will continue to find weak points and security oversights and exploit them, whether those lie in unsecured devices, networks, DNS registrars or poorly protected web-hosting firms.

In this latest instance one notable oversight was the apparent refusal to make use of secondary DNS servers. Secondary DNS servers may have prevented some of the most popular social media sites from falling offline as a result of the DNS breach.
https://www.howtoforge.com/traditional_dns_howto
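The oversight just described, a zone whose every authoritative nameserver belongs to one provider, is easy to check for from the delegation alone. The following added example (not code from the original post, from Dyn or from any of the sites named above) takes a zone's NS records with their addresses and reports whether they depend on a single provider or a single network; the records are constructed, and the "provider" heuristic (the last two labels of the nameserver hostname) and the /24 grouping are assumptions of this example.

```python
"""Report single-provider and single-network dependence in a DNS delegation.

Added example; the NS records are constructed, and the provider heuristic
(registered domain = last two labels) is an assumption of this example.
"""
import ipaddress


def provider_of(ns_host):
    """Heuristic: 'ns1.dns.example.net.' -> 'example.net'.
    Assumed for this example; a real check would use the Public Suffix List
    so that e.g. 'co.uk' is not mistaken for a provider."""
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def network_of(ip, prefix=24):
    """Collapse an IPv4 address to its /24 so co-located servers group together."""
    return str(ipaddress.ip_network("%s/%d" % (ip, prefix), strict=False))


def delegation_report(ns_records):
    """ns_records: list of (nameserver hostname, IPv4 address).
    Returns the distinct providers and networks plus a list of findings;
    an empty findings list means the delegation has at least two of each."""
    providers = {provider_of(host) for host, _ in ns_records}
    networks = {network_of(ip) for _, ip in ns_records}
    findings = []
    if len(ns_records) < 2:
        findings.append("fewer than two nameservers")
    if len(providers) < 2:
        findings.append("all nameservers belong to one provider: "
                        + ", ".join(sorted(providers)))
    if len(networks) < 2:
        findings.append("all nameservers sit in one network: "
                        + ", ".join(sorted(networks)))
    return {"providers": sorted(providers),
            "networks": sorted(networks),
            "findings": findings}


# Constructed delegations (documentation-range addresses, reserved .example TLD).
SINGLE_PROVIDER = [
    ("ns1.dns-provider.example.", "198.51.100.10"),
    ("ns2.dns-provider.example.", "198.51.100.11"),
]
WITH_SECONDARY = SINGLE_PROVIDER + [
    ("ns1.secondary-provider.example.", "203.0.113.5"),
]


if __name__ == "__main__":
    for label, records in (("single provider", SINGLE_PROVIDER),
                           ("with secondary", WITH_SECONDARY)):
        print(label, "->", delegation_report(records))
```

In practice the input comes from the zone's NS records and the A records of each nameserver (for example via `dig NS` and `dig A`, which this offline example replaces with constructed data). Two caveats a practitioner should keep in mind: the secondary must hold a current copy of the zone (normally via zone transfer) or it only adds an address that fails in a different way, and answers already cached at recursive resolvers outlast an authoritative outage only until their TTL expires, so low TTLs shorten the grace period during an attack.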

Questions will understandably be asked as to the lack of preparedness. OpenDNS still has a good track record when it comes to safeguarding its clients. They successfully protected their users from a recent DDoS attack on blockchain.info. https://blog.opendns.com/2016/10/12/detecting-recent-blockchain-dns-hijack/

That too came about as a result of a compromised DNS registrar:
http://thehackernews.com/2016/10/blockchain-bitcoin-website.html

For those looking to set up a DNS nameserver:
https://www.opendns.com/setupguide/
