
The day most of the internet went away

On Friday, October 21st, there was a massive cyberattack on the company Dyn. Dyn is a very large DNS provider that many large sites rely on (Twitter, PayPal, Netflix, Reddit, Spotify, etc.).

If you are unfamiliar with DNS, it stands for Domain Name System. When you type www.netflix.com into your browser, your computer has to look up the actual address of that server. Your computer does this by using the internet's phone books, the DNS providers.

The outage was actually three rounds of highly organized cyber attacks. It didn’t affect us that much as our clients use OpenDNS which was largely unaffected.

This attack can be summed up like this: tens of millions of people have fire hoses, and they've turned them on all at once and aimed them at a single person. That person is drowning and there's not much you can do about it.

Normally a cyber attack of this type uses malware-infected computers around the world to act as the people holding the fire hoses. Those computers are turned into attack bots, and when the bad guys pull the trigger, each one sends as much bad information as possible out of its internet connection toward a certain target. This overloads the target and makes it inaccessible to anyone else on the internet, as it is effectively drowning. This is called a DDoS (Distributed Denial of Service) attack.

What makes this attack unique is that these weren't just infected computers, but IP cameras and CCTV units infected with the Mirai botnet malware. This turns the cameras into attack bots, and there were tens of millions of these cameras turned into weapons against Dyn. The detailed description of this attack is here: https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/

So what can we learn from this?

Change your password

This wasn’t a case of someone hacking into millions of cameras. The hackers simply already had the list of passwords and wrote an app that searched the internet for these devices and, once a password worked, installed their botnet. Many of these cameras have their passwords hard-coded into them, and those passwords cannot be changed. These devices were not designed with security in mind. Because of this, it was, and remains, relatively easy for a hacker who knows what they are doing to get into these cameras and turn them into bots. The cameras continue working as cameras, so you wouldn’t even know one of your cameras was weaponized.

And it’s not as if you can install an antivirus on your cameras that would catch these things.

When choosing equipment for your facilities, make sure that security is not an afterthought. Make sure that all default passwords are changed and if you are purchasing a unit where the default password cannot be changed, think twice about whether that’s the right equipment for you.

Also make sure your password isn’t on this list that was attributed to the attack. I’m sure there’s some sysadmin in a basement that thought that last username and password combination was really clever.

[Image: passwords]

Segregate your network

Although the Internet of Things devices weren’t part of this attack on Friday, despite what is being highly publicized, there will come a time when someone does figure out how to weaponize those devices. If you are installing Smart TVs, NestCams, thermostats, Ring doorbells, internet-controlled espresso machines, Sonos speaker systems, Wi-Fi light bulbs that you can control with your phone, Apple TV, or even an iPad-controlled kitchen scale, be sure to keep those on a separate Wi-Fi network from your laptops, workstations and servers. In your home, I’d recommend keeping them on a different network from your laptops as well. You do not want those devices having open access to your computers. Lock them away on their own network.

There was even an internet controlled Barbie that kept your Wi-Fi passwords in clear text. As soon as someone gets access to that doll, they can easily get your Wi-Fi password and now you’ve opened yourself up to a whole litany of problems.
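An added example, not part of the original post: a small Python audit that checks a device inventory and a simplified firewall allow list against the segregation advice above. The subnets, device names, device categories and rule format are constructed for illustration.

```python
import ipaddress

# Constructed sample data: subnets, device names and rules are illustrative.
SEGMENTS = {
    "trusted": ipaddress.ip_network("10.0.10.0/24"),  # laptops, workstations, servers
    "iot": ipaddress.ip_network("10.0.50.0/24"),      # cameras, TVs, thermostats
}
IOT_KINDS = {"camera", "dvr", "smart_tv", "thermostat", "doorbell", "speaker"}

INVENTORY = [
    {"name": "front-desk-pc", "kind": "workstation", "ip": "10.0.10.21"},
    {"name": "lobby-cam", "kind": "camera", "ip": "10.0.50.11"},
    {"name": "boardroom-tv", "kind": "smart_tv", "ip": "10.0.10.77"},  # wrong segment
    {"name": "file-server", "kind": "server", "ip": "10.0.10.5"},
]

# Simplified firewall allow rules: (source network, destination network, port).
ALLOW_RULES = [
    ("10.0.10.0/24", "10.0.50.0/24", 554),  # trusted -> cameras, viewing video
    ("10.0.50.0/24", "10.0.10.5/32", 445),  # IoT -> file server
    ("10.0.50.0/24", "0.0.0.0/0", 443),     # IoT -> "anywhere" also covers trusted
]


def misplaced_devices(inventory, segments, iot_kinds):
    """Names of IoT devices whose address is outside the IoT segment."""
    return [
        d["name"] for d in inventory
        if d["kind"] in iot_kinds
        and ipaddress.ip_address(d["ip"]) not in segments["iot"]
    ]


def rules_reaching_trusted(rules, segments):
    """Allow rules that let traffic from the IoT segment reach the trusted one."""
    hits = []
    for src, dst, port in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # overlaps() catches broad rules such as 0.0.0.0/0, not only exact matches.
        if src_net.overlaps(segments["iot"]) and dst_net.overlaps(segments["trusted"]):
            hits.append((src, dst, port))
    return hits


if __name__ == "__main__":
    print("IoT devices on the wrong network:",
          misplaced_devices(INVENTORY, SEGMENTS, IOT_KINDS))
    for rule in rules_reaching_trusted(ALLOW_RULES, SEGMENTS):
        print("Rule lets IoT reach trusted hosts:", rule)
```

The "allow to anywhere" rule is flagged because a destination of 0.0.0.0/0 includes the trusted subnet unless a more specific deny rule sits in front of it.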

Network level protection

We are proud proponents of Cisco Umbrella. This was previously the enterprise product from OpenDNS. This layer is cloud-based and protects everything on the network, not just computers. It also protects laptops that are roaming and not on the hardened local area network.

Using Cisco Umbrella, we protect the whole network against malware, drive-by malicious exploits, mobile threats and botnets, and automatically block high-risk sites and locations based on their behaviour. Good sites can turn bad, so Cisco tracks their behaviour and acts accordingly, blocking a website even before that website's owner is aware!

This is not the end

Unfortunately, the hacker group responsible for Friday’s cyber attack has said that this was a dry run. Their large-scale attack is still coming, potentially around the time of the US election.
