Exploring a Real-Life DDoS Incident and its Far-reaching Impact
A Distributed Denial of Service (DDoS) attack is a type of cyberattack in which multiple compromised computers or devices flood a target system or network with a massive amount of traffic, overwhelming its resources and making it unavailable to legitimate users. DDoS attacks can have a large impact, affecting not only the target but also interconnected systems, networks, and even the overall internet infrastructure.
Let’s explore a real-life DDoS incident and its far-reaching impact:
Incident: The Mirai Botnet Attack (2016)
The Mirai botnet attack is one of the most notable DDoS incidents in recent years. In late 2016, a massive DDoS attack targeted a large DNS service provider called Dyn. The attack disrupted access to a number of websites and online services for several hours, impacting major internet companies like Twitter, GitHub, Spotify, Netflix, and many others.
Traditionally, botnets are created by compromising PCs, which often have a number of vulnerabilities. PCs can be captured either through unprotected network ports or via trojans or other malware, often spread by spam, that open backdoors attackers can access. Once the PC is compromised, the controller — known as a bot herder — issues commands via IRC or other tools. Sometimes commands come from a central server, though more often now botnets have a distributed architecture that makes their controllers harder to track down.
IoT devices are not traditional PCs but various gadgets connected to the internet with some computing capacity, such as cameras, home appliances, and fridges. In the past, these types of devices were rarely patched or protected. Mirai took advantage of this: it scanned the internet for IoT devices with open telnet ports and tried to log in with 61 username and password combinations. This way it was able to find a large number of devices. If the default username-and-password combo has not been changed, Mirai is able to log into the device and infect it. This shows how important it is for companies not to use default usernames and passwords.
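The login pattern described above (many failed telnet logins from one source in a short time, sometimes followed by a success) is something a defender can look for in device logs. The following is an added example, not code from the original article; the log format, the addresses, and the thresholds are assumptions made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical telnetd log format (not from a real device).
SAMPLE_LOG = """\
2024-01-01T11:10:01Z telnetd: login failed user=root src=203.0.113.7
2024-01-01T11:10:02Z telnetd: login failed user=admin src=203.0.113.7
2024-01-01T11:10:03Z telnetd: login failed user=support src=203.0.113.7
2024-01-01T11:10:04Z telnetd: login failed user=guest src=203.0.113.7
2024-01-01T11:10:05Z telnetd: login ok user=admin src=203.0.113.7
2024-01-01T11:12:00Z telnetd: login failed user=operator src=192.0.2.15
2024-01-01T11:12:20Z telnetd: login ok user=operator src=192.0.2.15
2024-01-01T11:20:00Z telnetd: login failed user=root src=198.51.100.20
2024-01-01T11:20:01Z telnetd: login failed user=admin src=198.51.100.20
2024-01-01T11:20:02Z telnetd: login failed user=user src=198.51.100.20
2024-01-01T11:20:03Z telnetd: login failed user=guest src=198.51.100.20
"""

LINE_RE = re.compile(r"^(\S+) telnetd: login (failed|ok) user=(\S+) src=(\S+)$")

def detect_credential_sweeps(log_text, max_failures=4, window=timedelta(seconds=60)):
    """Flag sources with >= max_failures failed telnet logins inside `window`.

    Returns {src: "sweep"}; the value becomes "compromised" when a flagged
    source later logs in successfully (a default credential probably worked).
    """
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines in any other format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        outcome, src = m.group(2), m.group(4)
        failures = recent[src]
        while failures and ts - failures[0] > window:
            failures.popleft()  # drop failures that aged out of the window
        if outcome == "failed":
            failures.append(ts)
            if len(failures) >= max_failures:
                verdicts.setdefault(src, "sweep")
        elif src in verdicts:
            verdicts[src] = "compromised"
    return verdicts

if __name__ == "__main__":
    for src, verdict in detect_credential_sweeps(SAMPLE_LOG).items():
        print(src, verdict)
```

A source marked "compromised" points to a device that still accepts a guessable password, so that device is the one to take offline, reset, and give unique credentials with telnet disabled.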
The creators of Mirai were college students who were caught. The source code was made freely available, and it lives on with various mutations. This hopefully shows that the security of smaller things like IoT devices is also important. Most enterprises focus only on servers, laptops, and databases and think that their security is good. Everything that is on the internet is a potential point of breach and needs to be secured.
I found this article super interesting.