Last week, a massive DDoS (Distributed Denial of Service) attack brought down some of the biggest websites, including Twitter, PayPal, Netflix, PSN, Reddit and Spotify. Friday’s DDoS attackers used Internet of Things (IoT) devices to cause internet outage. And the hackers have boldly claimed that what happened last Friday was just a “dry run”. Does that mean more cyber attacks are coming our way? Could millions of IoT-connected devices – cameras, sensors, toys, mobiles – bring the internet to its knees? Although the situation sounds scary, it’s highly likely to occur, given the fact that hackers now have a secret weapon in the form of internet-enabled devices.
Dyn, the company that was affected by Friday’s attacks, confirmed that it began seeing the outage earlier on in the day. A hackers group called New World Hackers claimed responsibility for Friday’s attacks via Twitter. Although their claim on twitter could not be verified, the members revealed that they organized networks of connect devices to create a botnet that spit out a staggering 1.2 trillion bits of data – yes, you read that right – 1.2 trillion bits of data every second to Dyn’s servers. However, Dyn hasn’t confirmed the figures yet.
Dyn and other service providers act as a link between URLs and the corresponding IP addresses. The DDoS attacks led to overwhelming junk data traffic, eventually causing the widespread outage. The issue was fixed early Friday morning, but a few hours later, the company again reported that it was monitoring and mitigating a suspected DDoS attack against Dyn managed DNS infrastructure. The attack started at 7am Friday morning and continued for about two hours. The first round of attack was resolved after two hours, only to be hit by a second bout of attack.
The Emergence of IoT DDoS Attacks
DDoS attacks have been increasing at an alarming rate in recent months. Friday’s attack took these kinds of attacks to a whole new level – using IoT devices and transforming them into a massive botnet. Lance Cottrell, chief scientist for the cyber security firm Ntrepid, said – “DDoS attacks have been used for years, they’ve become very popular in recent months, thanks to the proliferation of “internet of things” devices ranging from connected thermostats to security cameras and smart TVs. Many of those devices feature little in the way of security, making them easy targets for hackers.”
While IoT security is the next big thing, the power of DDoS attacks using IoT-enabled devices cannot be under-estimated. As more and more devices get added to the connected world of IoT, the chances of using these devices’ vulnerability to launch attacks also increase. Just to mention the stats, an average American home contains 13 internet-connected devices. By 2020, every individual will have about 7 devices connected to the internet. These numbers emphasize the need for security. The recent attacks showed how the IoT devices can be turned into botnets spitting out data at the unimaginable bit rate.
Motive Behind The Attacks
Well, what could have driven New World Hackers to launch a deadly cyber-attack of that magnitude? A member of the hackers group, who identified himself as “Prophet” told an AP reporter via Twitter (direct message) that the Friday attacks weren’t motivated by money and also had nothing personal against Dyn, Twitter or any of the other affected sites. The hacker went on to say that the Friday DDoS attacks were merely a “dry run” and that the next target will be the Russian Government, for having committed all the alleged cyber attacks against the United States this year. “Twitter was kind of the main target. It showed people who doubted us what we were capable of doing, plus we got the chance to see our capability,” said Prophet.
Anonymous Took On After New World Hackers Stopped
After New World Hackers stopped DDoS attacks Friday afternoon, reports claim that members of Anonymous – another hacker group – picked up where New World Hackers left off. Anonymous actually wants DDoS attacks to be legalized as a form of protest. After the attacks continued on Friday, White House spokesperson Josh Earnest told reporters that the United States Department of Homeland Security had been monitoring the situation.
The impact of such massive cyber attacks could be disastrous. Although several firms offer protection against DDoS attacks, the services are too expensive. This calls for increased security of all IoT devices at all levels. Prevention is always better than cure.