The Latest / Data Security News
November 2, 2016
There was a morning last month, that for some was a little bit frightening. A huge number of the world biggest websites, at least in the western world, were all down. It’s entirely plausible you missed the whole thing, but for a good few hours, the usual cyber haunts of millions of people were all taken down in one major cyber security incident.
You may well have heard of Distributed Denial of Service Attack (DDoS), and it was this kind of attack that took so many websites down but with a few differences. To explain simply, with a typical DDoS attack hackers try to take a website down by overloading it with hits. That’s what happened here, but rather than attacking one popular consumer website, this attack went after a company called Dyn.
There’s a good chance that most people will have never heard of Dyn, because they sit in the background. However, Dyn is a major provider of internet servers for some of the biggest online companies in the world. By overloading the Dyn servers, the hackers were able to affect a DDoS attack across multiple popular sites and services.
And the second crucial difference that made this hack quite so effective, was the use of hacked Internet of Things (IoT) connected devices. These are devices such as webcams, printers or household services, such as heating controls, that have an internet connection.
As we said, DDoS attacks work by overloading servers with too many hits and visits. So, the hackers in this case, used a huge number of hijacked IoT enabled devices to generate that overload.
It’s not the first-time IoT devices have been used in this way to conduct a DDoS attack, but it’s certainly the biggest one to be co-ordinated on such a scale. Spotify, Twitter, Pinterest and Paypal were all hit in this one attack.
There’s a wide spread issue here with IoT devices: Too often, they are far too easily hacked. They usually come with a default password for example, that if the owner doesn’t change, leaves them wide open to be hijacked.
IoT devices have huge potential, and many people are understandably excited about the benefits that they can bring. The industry must be careful though when creating IoT devices. Convenience or cool features cannot take precedence over security.
That’s our approach with our solutions at GDS. Security comes first. Arguably, it seems with IoT devices, the benefits and potential have caused a proliferation of such devices, before the cyber security aspect of them has been properly considered and tightened. When it comes to cyber security, that’s a dangerous approach.