On Friday, Oct. 21, Internet performance management company Dynamic Network Services (Dyn) was the victim of the largest Distributed Denial of Service (DDoS) cyberattack to date. The DDoS attack severely disrupted Internet access across the United States to sites including Twitter, Netflix and Amazon.
A DDoS attack involves flooding a router or a server with a high volume of requests until the environment is overloaded, causing it to crash or halt traffic. In this case, the attack most likely used tens of millions of webcams, home automation devices, wireless routers and Internet-enabled appliances. Because these devices usually come with factory-supplied passwords that consumers typically do not change, they are easy to infect. While DDoS attacks are designed to cause short outages, they can significantly disrupt communications when they are most needed. It is believed that this attack might have been a test intended to be used to disrupt the U.S. general election.
Remediating DDoS attacks requires detecting unusually high volumes of requests made by Internet-enabled devices and temporarily shutting down access to those devices. Enterprise security teams should:
- Perform device scanning and use auditing software to detect factory-supplied passwords.
- Review and implement security services that could detect both probing of DNS and service providers, and CNC (Command and Control) activity, in which machines are operated by computer command.
- Isolate IoT devices on protected networks and perform security testing.
- Apply access controls between IoT devices and IT resources using enterprise firewalls, intrusion prevention systems, and integration with identity and access management.
- Implement an incident response plan. Regardless of the type of attack, having incident response capabilities enables organizations to react quickly to remediate an attack and limit the damage.
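The detection step described above (spotting unusually high request volumes from Internet-enabled devices so access can be temporarily shut down) can be illustrated with a sliding-window counter. This is an added example, not part of the original article; the log format, the IP addresses, and the threshold of 100 requests per 10 seconds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample (not real traffic): '<ISO timestamp> <device IP> <queried name>'."""
    start = datetime(2016, 10, 21, 11, 0, 0)
    lines = []
    # A thermostat making one lookup every 20 seconds (normal behaviour).
    for i in range(9):
        ts = start + timedelta(seconds=20 * i)
        lines.append(f"{ts.isoformat()} 10.20.0.5 time.example.net")
    # A camera issuing 40 lookups per second for 5 seconds (flood behaviour).
    for i in range(200):
        ts = start + timedelta(seconds=60, milliseconds=25 * i)
        lines.append(f"{ts.isoformat()} 10.20.0.9 r{i}.victim.example")
    lines.append("garbled line without fields")  # malformed input must be skipped
    return lines


def find_flooding_devices(lines, window_seconds=10, max_requests=100):
    """Return {device_ip: peak count in any window} for devices over the limit.

    Assumes lines are in time order, as they would be in an appended log file.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # per-device timestamps still inside the window
    peaks = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        device = parts[1]
        seen = recent[device]
        seen.append(ts)
        # Drop timestamps that have aged out of the window.
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) > max_requests:
            peaks[device] = max(peaks.get(device, 0), len(seen))
    return peaks


if __name__ == "__main__":
    for device, peak in sorted(find_flooding_devices(build_sample_log()).items()):
        print(f"quarantine candidate {device}: {peak} requests within 10 s")
```

The returned device list is what would feed a temporary block on the IoT network segment; a real threshold should come from each device class's measured baseline.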
To avoid this happening to you, consider specialized DDoS protection services such as those offered by Akamai, which can automatically reroute DDoS traffic away from your servers and mitigate disruption of service.
Akamai operates a Fast DNS service which is architected for availability and resilience against DDoS attacks. We have segregated our Fast DNS infrastructure into twenty separate DNS clouds, specifically architected for availability. We then distribute the name servers assigned to customers across the DNS clouds in order to minimize the impact that attacks against any one customer can have on others. Within each DNS cloud, Akamai deploys clusters of name servers in such a way as to minimize the impact that localized attacks can have against the entire network, such as deploying name servers directly into end-user ISPs to maintain service for ISP users. As a result, we are unaware of any Akamai customer that was affected by this attack. Additional detail is found in the following attachment:
Most importantly, don’t wait to contact your IT security expert to begin the process of preparing for and defending against a DDoS attack aimed at you.
Defending against DDoS attacks is the forte of Akamai. Akamai offers both Kona Site Defender and Prolexic, the two market-leading mechanisms, for exactly this purpose. The key to Akamai’s success in this field is that they can offer an “always on” capability, which means the customer never has to experience the attack.
Instead, Akamai’s 200,000 servers located strategically at the edge of the Internet absorb the DDoS attack as the attack vector is funneled away from the target. No one else has the capability to absorb such intense DDoS attacks as Akamai.
Don’t be the next victim. Contact us today to discuss Akamai’s offerings.