Were you sitting at home on October 21, trying to enjoy a Netflix movie, only to find out it wouldn't load? Did you try to check Twitter for an update, but it wasn't working either? These websites, along with many others, were impacted by a massive attack against Dyn (a company that helps get you where you're going on the internet). The attack came in three waves throughout the day and caused interruption in service to Dyn's customers as well as many others as a side effect.
This was a Distributed Denial of Service (DDoS) attack, which is thousands of devices accessing a website at the same time with the intent of overloading it and bringing it down. These types of attacks are typically done for a number of reasons including blackmail, political, or even to just be disruptive. In this case, the perpetrators used thousands of hacked Internet of Things (IoT) devices (Such as smart cams, home routers, or even DVRs) to flood Dyn with traffic. On top of these artificial requests there were a large number of legitimate requests as well. The combination ended up knocking out access to many of Dyn's services and customers as well as making access to non-targeted sites difficult for many. This side effect was caused by the high volume of traffic taking up so much of the "information highway's" capacity.
While not being able to stream your favorite show or post on social media is an inconvenience, the attack did impact many other companies. Based on data received from Dynatrace, a company that gathers website uptime and response times, it is very easy to see that U.S. financial institutions took a hit with this attack as well. During the attacks there was a large increase in both failures to get to a webpage and the time it takes to load that webpage. In a time when taking more than eight seconds to find what you are looking for is enough to drive people away and opinions are quickly posted, these service interruptions can be detrimental to the success of a business and its reputation.
Impact to WSECU
The record setting size of the attack against Dyn is already having an impact on the tech world. Organizations have begun looking at their infrastructure and looking for ways to improve their ability to handle these types of attack, directly or indirectly. WSECU has grown a lot over the past few years and, with it, our security infrastructure is growing and adapting. We have, and continue to implement, measures and redundancies to mitigate attacks and ensure our services are available or restored to service as quickly as possible.
What You Can Do
The Dyn attack, being caused by as many as 100,000 IoT devices, is a wake-up call to many tech savvy home owners. Unsecured devices, even those that haven't been compromised, can be easily accessed and used against the owner or for even more malicious activities. You can be proactive with your IoT or other Wi-Fi devices by making sure you keep their software up to date or patched for vulnerabilities if they have that ability (You can check the manufacturer's website). Even by simply password protecting your Wi-Fi you can do wonders for the security of your networked devices. If you have any devices that shipped with login credentials, make sure you change those from the defaults. Securing your smart home devices is an important part of preventing unauthorized access (Like being used for a DDoS attack) and keeping your personal information more secure.