Last week’s Distributed Denial of Service (DDOS) attack that took down Twitter, Pinterest, Netflix and many other major web sites was unique for its breadth of targets.
“This is cyber Pearl Harbor,” said Philip Lieberman. “This is the first time we’ve ever seen a general attack that affects everybody.”
The DDOS attack on DNS provider Dyn began early Friday morning and continued in multiple waves throughout the day. Dyn provides Internet services to approximately 6% of Fortune 500 companies.
According to a Dyn statement, the attack involved “10s of millions of IP addresses,” including many devices infected with the Mirai botnet.
The IoT Vulnerability
Today, SC Magazine called this attack a wake up call for the Internet of Things (IoT) industry. This comes, the article states, “after years of warnings – mostly ignored – about the glaring vulnerabilities in IoT devices.”
One of the most severe vulnerabilities of IoT devices involves default passwords. IoT devices are generally set with a built in password. Often these devices are deployed without changing the password. In those cases, hackers can use the well known default passwords to access and take over the devices.
A Dyn spokesman said the company has still not heard from attackers and does not know who they are. The US Department of Homeland Security is investigating the attack.
For now, we’ll just have to see if the Dyn DDOS attack serves as a blueprint for similar incidents.