Here’s what we can learn from Friday’s historic DDoS attack.
Friday’s outage of major websites is a grim reminder that the internet is becoming an increasingly hostile environment. From 500-million-account data breaches to 1 TB network floods against hosting services, cyberattacks are growing in scale and sophistication, and protecting users and services against malicious actors is becoming a complicated task.
The historic attack on Friday, which caused trouble for millions of users accessing a number of popular sites including, among many others, Twitter, Netflix, Reddit, and Airbnb, was carried out through a Distributed Denial of Service (DDoS) assault against Dyn, the company that provides Domain Name Services for major websites.
The attack first affected networks in America’s East Coast before spreading across the U.S. Users in other regions such as Europe and Asia had less difficulty accessing the websites.
DDoS attacks shut down servers by flooding them with requests from thousands or even millions of infected devices, organized into networks known as botnets.
These types of attacks have recently grown in magnitude and frequency, which is partly linked to the chaotic growth of the internet of things (IoT). Botnet operators are finding it easier to conscript IoT devices into their botnet armies because of the weak security of those devices, and are using networks of devices such as CCTV cameras to stage huge DDoS attacks against their targets.
Though the source of the DDoS against Dyn has not yet been confirmed, multiple internet infrastructure firms say IoT botnets are the culprit behind the attack. This is not especially surprising, as the recent public release of the source code for Mirai, a popular IoT botnet, has led to speculation that Mirai-based attacks would increase. This is yet further proof that IoT security needs to be taken seriously.
Increased capabilities in assembling botnets are in many ways democratizing high-magnitude DDoS and enabling under-resourced hackers to stage attacks that were previously within the exclusive power of nation states.
This is especially worrying as our lives and businesses become more and more dependent on online services. For instance, many users rely on services such as Spotify to consume music and do not store music files locally on their devices, so shutting down the service deprives them of music altogether. The same can be said of businesses and organizations that run entirely on cloud services rather than on-premises data centers.
While the attack against Dyn was in many ways similar to DDoS attacks we’ve seen in previous weeks and months, it had its own unique twists as well. The fact that the attack was staged against a DNS server indicates a new trend in DDoS attacks, which are usually launched against individual websites.
DNS servers are like address books for the internet. They’re applications that translate the human-readable names we type in our browsers, such as dailydot.com, into computer-readable IP addresses, such as 22.214.171.124. As virtually all users access websites through their domain names instead of their IP addresses, bringing down the DNS server effectively cuts off their access to the destination sites, even if those sites are still online and functioning properly.
Targeting DNS servers with DDoS attacks is especially effective because, aside from having to deal with the malicious traffic, the servers also have to handle the flood of requests coming from frustrated users who keep pressing refresh in their browsers.
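The two points above (a site stays unreachable while its DNS provider is down even though the web server itself is healthy, and user refreshes multiply the load on that provider) can be made concrete with a small simulation. This is an added example, not code from the original article or from Dyn; the domain example.com, the documentation address 192.0.2.10, the 60-second TTL and the client and refresh counts are all constructed values, and the resolver is a simplified model of a recursive resolver's TTL cache, with and without a "serve-stale" fallback.

```python
"""Toy model of a website whose DNS provider is flooded.

Added example for illustration (not from the original article). All numbers
are constructed, not measurements from the Dyn incident.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class AuthoritativeServer:
    """The DNS provider's server. `reachable` is False while it is under DDoS."""
    records: Dict[str, Tuple[str, int]]  # name -> (ip, ttl_seconds)
    reachable: bool = True
    queries_received: int = 0

    def query(self, name: str) -> Optional[Tuple[str, int]]:
        self.queries_received += 1  # malicious or not, every query costs capacity
        if not self.reachable:
            return None  # the query times out under the flood
        return self.records.get(name)


@dataclass
class CacheEntry:
    ip: str
    expires_at: float


class RecursiveResolver:
    """Simplified ISP-side resolver: TTL cache plus optional serve-stale fallback."""

    def __init__(self, upstream: AuthoritativeServer, serve_stale: bool = False):
        self.upstream = upstream
        self.serve_stale = serve_stale
        self.cache: Dict[str, CacheEntry] = {}

    def resolve(self, name: str, now: float) -> Optional[str]:
        entry = self.cache.get(name)
        if entry and now < entry.expires_at:
            return entry.ip  # fresh cache hit; upstream is not contacted
        answer = self.upstream.query(name)
        if answer:
            ip, ttl = answer
            self.cache[name] = CacheEntry(ip, now + ttl)
            return ip
        if entry and self.serve_stale:
            return entry.ip  # expired, but better than failing while upstream is down
        return None  # lookup failure: the user sees "server not found"


def simulate(serve_stale: bool, ttl: int = 60, clients: int = 100, refreshes: int = 5,
             outage_start: int = 30, end: int = 300, step: int = 60) -> Tuple[int, int]:
    """Return (failed lookups seen by users, queries that reached the flooded server)."""
    server = AuthoritativeServer({"example.com": ("192.0.2.10", ttl)})  # constructed
    resolver = RecursiveResolver(server, serve_stale=serve_stale)

    # t=0: every client has visited the site once, so the resolver cache is warm.
    for _ in range(clients):
        resolver.resolve("example.com", now=0)

    server.reachable = False  # the flood begins; the web server itself stays healthy
    queries_before = server.queries_received
    failures = 0
    for now in range(outage_start, end + 1, step):
        for _ in range(clients):
            # Each client loads the page once and, on failure, hits refresh `refreshes` times.
            for _attempt in range(1 + refreshes):
                if resolver.resolve("example.com", now) is not None:
                    break
                failures += 1
    return failures, server.queries_received - queries_before


if __name__ == "__main__":
    for mode in (False, True):
        failed, load = simulate(serve_stale=mode)
        print(f"serve_stale={mode}: {failed} failed lookups, {load} queries hit the flooded server")
```

Once the cached answer expires, every refresh from every client becomes another query against the provider that is already under attack, so user impatience multiplies the flood, while the web server at 192.0.2.10 never stopped working. Letting the resolver hand out the expired answer when the authoritative server is unreachable (an approach later standardized as DNS "serve-stale", RFC 8767) keeps users connected and cuts the retry load, which is why resolver-side caching policy and record TTLs are part of a site's DDoS posture, not just the provider's capacity.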
This highlights another problem with current security practices. Companies deploy technologies to protect their websites against DDoS and other cyberattacks, while DNS servers and other infrastructural resources are often taken for granted and treated as if they will always be online. As a result, not enough is being done to protect these services, which are critical to maintaining a stable internet presence.
Hackers will always target the weakest link in the chain, where they can get the biggest bang for the buck. The problem is that the infrastructure supporting the internet consists of a series of interlinked servers and cloud services, and no single entity has the power to vet and implement security for the entire chain.
This calls for a holistic approach, with concerted efforts at different levels, including government agencies, cloud providers, ISPs and site administrators, to protect online services against DDoS attacks.
Another promising approach to securing networks against DDoS attacks is the adoption of decentralized models, where data and computation are distributed among participating nodes instead of being consolidated in central servers. Decentralized platforms are more resilient to DDoS attacks because they do not contain a single point of failure that attackers can exploit.
One of the promising technologies in this regard is blockchain, which is used to power Bitcoin. Blockchain is still a nascent technology, but many believe it can evolve to become the infrastructure for many critical tasks that currently rely on the traditional server/client model, especially as it addresses many of the problems that are inherent to decentralized systems, such as trust and security.
What’s evident is that DDoS attacks will continue to rise as a prominent threat to online services and businesses—until everyone works together to find a better way.