On Friday, October 21, Twitter, Spotify, Reddit, Airbnb, GitHub, and several other major websites reported outages due to a Distributed Denial of Service (DDoS) attack. Here’s what you need to know about the attack and how to protect yourself.
Wait, what exactly happened?
On the morning of October 21, several prominent websites were taken offline for hours by a series of DDoS attacks. Internet infrastructure company Dyn acknowledged that the attacks targeted its Managed Domain Name System (DNS) network.
So far, there isn’t any information about who is behind these attacks, but according to CNBC, the White House said that U.S. authorities are “looking into all potential causes” of the attack.
According to Computerworld, a Chinese electronics component manufacturer, Hangzhou Xiongmai Technology, acknowledged that security vulnerabilities in its DVRs and internet-connected cameras “involving weak default passwords in its products were partly to blame.” Security researchers say these vulnerabilities were exploited by malware known as Mirai, a program that infects devices and uses them to launch DDoS attacks.
According to a statement, Dyn confirmed that botnets built from Mirai were partly responsible for Friday’s attack. “We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that was part of the attack,” Dyn said in the statement.
What is a Distributed Denial of Service (DDoS) attack?
A Distributed Denial of Service (DDoS) attack is a type of Denial of Service (DoS) attack in which attackers take control of many systems or computers–often infected with malware delivered through a phishing or social engineering attack–and use those systems to target a single machine or service. The targeted machine or server is then flooded with a stream of bogus requests in an attempt to prevent legitimate requests from being fulfilled, essentially overwhelming the system and shutting it down.
It’s hard to combat a DDoS attack because an attacker can use hundreds or even thousands of compromised computers–each with a different IP address–to attack a victim. With an unknown number of attack sources, it is difficult to simply block individual IP addresses. It is also difficult to distinguish between the different types of DDoS attacks.
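The point above about many sources is easy to see in a small detection exercise. The following Python script is an added example, not code from the article or from Dyn: it parses a constructed access log (a made-up line format, a documentation-range address for the real user, and 10.x.x.x addresses standing in for bots), applies a classic per-IP rate limit, and then measures the combined request rate. A swarm of a thousand sources that each stay under the per-IP threshold is invisible to the first check and obvious in the second.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for this example (not any real server's): "<ISO timestamp> <client ip> <method> <path>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def parse_line(line):
    """Parse one constructed access-log line into (datetime, client_ip)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return datetime.fromisoformat(m.group(1)), m.group(2)

def build_sample_log(bots=1000, per_bot=5, interval_s=1, start="2016-10-21T11:10:00"):
    """Constructed sample traffic: one real user (40 requests, one per second) plus
    `bots` distinct addresses that each send only `per_bot` requests."""
    t0 = datetime.fromisoformat(start)
    lines = [f"{(t0 + timedelta(seconds=i)).isoformat()} 203.0.113.10 GET /" for i in range(40)]
    for b in range(1, bots + 1):
        ip = f"10.{(b >> 16) & 255}.{(b >> 8) & 255}.{b & 255}"  # constructed bot address
        for k in range(per_bot):
            lines.append(f"{(t0 + timedelta(seconds=k * interval_s)).isoformat()} {ip} GET /")
    return lines

def _peak_in_window(times, window_s):
    """Largest number of sorted timestamps that fall inside any window_s-second span."""
    peak = start = 0
    for end, ts in enumerate(times):
        while ts - times[start] > timedelta(seconds=window_s):
            start += 1
        peak = max(peak, end - start + 1)
    return peak

def per_source_offenders(events, window_s, threshold):
    """Classic per-IP rate limit: flag addresses that exceed `threshold` requests in one window."""
    by_ip = defaultdict(list)
    for ts, ip in sorted(events):
        by_ip[ip].append(ts)
    return {ip for ip, times in by_ip.items() if _peak_in_window(times, window_s) > threshold}

def peak_aggregate_rate(events, window_s):
    """Requests per window from all sources combined, which is what a DDoS actually drives up."""
    return _peak_in_window(sorted(ts for ts, _ in events), window_s)

def analyse(lines, window_s=10, per_ip_threshold=30):
    """Return (per-IP offenders, peak aggregate requests per window, number of distinct sources)."""
    events = [parse_line(line) for line in lines]
    return (per_source_offenders(events, window_s, per_ip_threshold),
            peak_aggregate_rate(events, window_s),
            len({ip for _, ip in events}))
```

With the default sample, `analyse(build_sample_log())` flags no single address at all while the combined rate reaches several thousand requests per 10-second window from 1,001 sources; a single noisy client (`build_sample_log(bots=1, per_bot=40, interval_s=0)`) is the case the per-IP check does catch.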
What are the different types of DDoS attacks?
Essentially, DDoS attacks have one of two goals: either to crash a website or flood a website. Webopedia outlines three different types of DDoS attacks:
- Traffic attacks: This attack involves sending a large volume of traffic to the victim, so that legitimate requests to the website are lost in the process.
- Bandwidth attacks: This attack involves overloading the victim’s site with a massive amount of useless data. As a result, the website loses bandwidth and equipment resources, which can lead to a “complete Denial of Service.”
- Application attacks: This attack involves targeting a website’s “application layer” of the “OSI model” (the layer responsible for the data and images you see on a website). The attack floods the site with application-layer data messages that can completely disable the website.
Which websites were affected by the attack?
Here’s a running list of websites that were affected by these DDoS attacks from the DailyMail:
- Wix Customer Sites
- Squarespace Customer Sites
- Zoho CRM
- Iheart.com (iHeartRadio)
- The Verge
- Big cartel
- Urbandictionary.com (lol)
- Starbucks rewards/gift cards
- Playstation Network
- Business Insider
What can I do to protect myself and/or my company or business from a DDoS attack?
- Secure your devices to make sure they cannot be used to launch these attacks. Make sure your “Internet of Things” devices–meaning all devices that can connect to the Internet–along with your operating systems, browsers, and other programs are always up to date. Additionally, install anti-virus and anti-malware programs.
- Hackers can compromise your device if you fall victim to a phishing attack. Make sure to never click suspicious links or download attachments from “phishy” websites. For additional tips on how to spot a phishing website or email, visit this blog post.
- Change the default passwords on your Internet-connected devices, including home automated devices, wearables (smart watches, activity trackers, etc.), smart cars, etc.
- Expand your bandwidth. As Patrick Lambert from TechRepublic writes, “You want more servers, spread around various datacenters, and you want to use good load balancing. Having that traffic spread out to multiple servers will help the load, and hopefully your pipes will be large enough to handle all that traffic.”
- Lock down your server! “Make sure your DNS is protected behind the same type of load balancing that your web and other resources are,” says Lambert. For companies manning their own servers, Lambert recommends making sure your “routers drop junk packets, block things like ICMP if you don’t need it to go through, and set up good firewalls.”
- Mitigate the threat to your website as soon as possible. “Have a plan in place to quickly replace dynamic resources with static ones, in the event that you’re getting attacked,” says Lambert.