26th October, 2016

The Black Friday of Internet

The Distributed Denial of Service (DDoS) attack that took place on Friday the 21st of October 2016 could be considered the 9/11 of the Internet. Without the necessary countermeasures, attacks of this kind are destined to be repeated.

It was, at the time, the largest attack the Internet had suffered since its creation. Its origins can be traced back to Brian Krebs, journalist and author of the blog krebsonsecurity.com, exposing the two people behind the vDOS DDoS-for-hire service.

As a consequence, starting on the 20th of September 2016, his blog was hit by a DDoS attack that peaked at an estimated 620 Gbps.

After this attack, the source code of the botnet used, named Mirai, was published on Hackforums at the end of September. Many experts then observed that, from that moment on, anyone could potentially mount a DDoS attack by exploiting the weaknesses of Internet of Things (IoT) devices.

How does the Mirai code work? The bot continuously scans the Internet for IoT devices with an exposed Telnet service and logs into them using a built-in list of factory-default or hard-coded usernames and passwords.

Once infected, a device reports to the command and control (C2) infrastructure, from which it receives the attack parameters and the target. The bots then generate large volumes of traffic against the target: packet floods, often with spoofed source addresses, and plain HTTP requests. A botnet of this kind can easily reach several hundred thousand devices, each generating new connections and requests against the target until it is taken down. Because the bot lives only in memory, a reboot cleans the device, but a device whose default credentials are unchanged is typically re-infected within minutes.
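The scanning and login behaviour described above leaves a very recognisable trace in the authentication log of a Telnet honeypot or of an exposed device: a burst of attempts from one source cycling through the same handful of factory credentials. The following script is an added example, not code from the original post or from Mirai itself. It assumes a constructed, simplified one-line-per-attempt log format (`<timestamp> <source ip> login user=... pass=... result=...`), and its credential table is a subset of the username/password pairs hard-coded in the leaked Mirai scanner; check the list against your own copy of the source before relying on it.

```python
"""Added example (not from the original post): flag Mirai-style
default-credential login attempts in a Telnet honeypot / device auth log.

Assumptions: the log format below is a constructed, simplified one; the
credential pairs are a subset of those hard-coded in the leaked Mirai
scanner source.
"""
import re
from collections import Counter

# Subset of the username/password pairs the Mirai scanner tries. An empty
# string means the bot sends an empty password.
MIRAI_DEFAULT_CREDS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "xmhdipc"), ("root", "default"), ("root", "juantech"),
    ("root", "123456"), ("root", "54321"), ("support", "support"), ("root", ""),
    ("admin", "password"), ("root", "root"), ("root", "12345"), ("user", "user"),
    ("admin", ""), ("root", "pass"), ("admin", "admin1234"), ("root", "1111"),
    ("admin", "smcadmin"), ("root", "666666"), ("root", "password"), ("root", "1234"),
    ("root", "klv123"), ("service", "service"), ("supervisor", "supervisor"),
    ("guest", "guest"), ("ubnt", "ubnt"), ("root", "7ujMko0vizxv"),
    ("root", "7ujMko0admin"), ("root", "system"), ("root", "hi3518"),
    ("root", "Zte521"), ("admin", "1234"), ("admin", "12345"), ("admin", "123456"),
    ("admin", "pass"), ("tech", "tech"),
}

# Constructed log format: one authentication attempt per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}) login "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*) result=(?P<result>success|fail)$"
)

# Constructed sample log; addresses are from the documentation ranges.
SAMPLE_LOG = """\
2016-10-21T11:02:13Z 198.51.100.23 login user=root pass=xc3511 result=fail
2016-10-21T11:02:14Z 198.51.100.23 login user=root pass=vizxv result=fail
2016-10-21T11:02:15Z 198.51.100.23 login user=admin pass=admin result=success
2016-10-21T11:03:01Z 203.0.113.7 login user=alice pass=correct-horse result=success
2016-10-21T11:03:20Z 192.0.2.44 login user=root pass=xc3511 result=fail
2016-10-21T11:03:21Z 192.0.2.44 login user=root pass= result=fail
2016-10-21T11:03:22Z 192.0.2.44 login user=support pass=support result=fail
2016-10-21T11:04:00Z 203.0.113.7 login user=alice pass=wrongpw result=fail
2016-10-21T11:04:30Z 203.0.113.99 login user=root pass=toor result=fail
"""


def parse_log(text):
    """Yield one dict per line that matches LOG_RE; other lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def analyze(text, threshold=2):
    """Return (scanners, default_cred_successes).

    scanners: {source ip: number of attempts that used a known Mirai
              default pair}, kept only for sources at or above `threshold`;
              these are the bots (or the scanner of a bot) probing you.
    default_cred_successes: [(source ip, user, password)] for attempts that
              succeeded with a default pair. On a real device's log this
              means the device is still reachable with factory credentials
              and would have been recruited.
    """
    attempts = Counter()
    successes = []
    for ev in parse_log(text):
        if (ev["user"], ev["pw"]) not in MIRAI_DEFAULT_CREDS:
            continue  # ordinary user activity or an unrelated guess
        attempts[ev["src"]] += 1
        if ev["result"] == "success":
            successes.append((ev["src"], ev["user"], ev["pw"]))
    scanners = {ip: n for ip, n in attempts.items() if n >= threshold}
    return scanners, successes


if __name__ == "__main__":
    scanners, hits = analyze(SAMPLE_LOG)
    for ip, n in sorted(scanners.items()):
        print(f"scanner {ip}: {n} default-credential attempts")
    for ip, user, pw in hits:
        print(f"default credentials accepted from {ip}: {user}/{pw or '(empty)'}")
```

On the constructed sample the two sources cycling through the Mirai list are reported as scanners, the legitimate user `alice` is ignored even though one of her attempts failed, and the accepted `admin/admin` login is flagged as a device that is still open with factory credentials. The threshold exists because a single matching guess can be a coincidence; a source that walks the list is not.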

This code is able to log into these devices, take control of them and lock out other access because the manufacturers did not invest in proper security at design time: credentials are shared across entire product lines, shipped enabled on a network service exposed to the Internet, and in some cases cannot be changed by the owner.

In particular, a large share of the devices recruited were IoT devices, CCTV cameras and DVRs, built on components and firmware produced by the Chinese company XiongMai Technologies.

XiongMai shipped millions of devices with easily guessed default passwords; worse, changing the password in the web interface does not change the hard-coded credentials of the Telnet service, so the device stays open from the shell. The company acknowledged the mistake and promptly released a patch, but with millions of units already on the market it is impossible to know when, or whether, those patches will ever be applied.

After the first, a second and larger attack followed on the 21st of October 2016, but this time the target was Dyn, one of the main managed DNS providers on the Internet, whose authoritative name servers serve a large share of major sites.

This attack showed how fragile the DNS infrastructure we rely on for resolving the address of every Internet service really is: not because of a flaw in the protocol itself, but because so many major services depended on a single authoritative provider. Services that spread their name servers across more than one provider degraded far less.

Moreover, this specific attack was carried out using "only" compromised cameras, DVRs and routers, but we are moving towards a world in which every device in our daily lives will be connected: our watches, our fridges, our cars, even our plants.

All these devices, if not properly protected, can be turned into a huge botnet and used to carry out an even bigger attack against institutions, governments, or simply anyone an attacker chooses.

Will we be ready to cope with an attack of this magnitude?
