News Feature | November 2, 2016

DDoS Attack On Dyn Demonstrates Need For Serious Cybersecurity Investment

Christine Kern

By Christine Kern, contributing writer

Distributed Denial of Service (DDoS) attacks

Attack highlights the “disruptive potential of coordinated hacking efforts” on American networks.

The recent DDOS attack on the internet infrastructure provider Dyn took down sites including Twitter, Spotify, Paypal, Netflix, Facebook, Airbnb, Reddit, Etsy, the Guardian, CNN, HBO, and many others with experts determining it was the largest of its kind in history. The attack disabled websites across much of the continental U.S. and Europe and was a distributed denial-of-service (DDoS) attack.

Dyn, a provider of internet infrastructure, was swarmed by data requests from a network of hijacked machines — in this case, hundreds of thousands of hacked devices. Its systems were overwhelmed and its clients, some of the biggest names on the internet, were taken down as a result.

In a statement from Dyn, Chief Strategy Officer Kyle York wrote, “This was a sophisticated, highly distributed attack involving tens of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akami, that one source of the traffic for the attacks were devices infected with the Mirai botnet. We observed tens of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”

In an email, Adam Levin, Chairman and Founder of IDT911 and author of Swiped, told Business Solutions Magazine, “This DDOS attack affected major businesses and media sites and was caused by hackers who were able to exploit vulnerabilities and hijack Internet of Things connected devices. This is a wakeup call that convenience should not trump security and that there needs to be a security and privacy by design approach to building these smart devices so that consumer data and business bottom lines are protected.”

A report from independent technology market research and consulting firm Technology Business Research, Inc. (TBRI) highlights the disruptive potential such coordinated attack efforts has to undermine American networked communications as they inevitably will become more frequent as connectivity through the Internet of Things and digital transformation initiatives spread.

The “DDoS attack underscores need for U.S. investment in cybersecurity” the TBRI report states. “The clandestine nature of cyberattacks makes them an attractive alternative to real-world actions that would be considered too politically provocative for foes of the U.S. to execute.”

While the latest DDoS attack was the highest-profile incident to date, “Data show the situation was already escalating; Reston, VA-based network infrastructure operator Verisign reported a 75 percent increase in these attacks between April and June 2016 compared with the same period in 2015. As these attacks proliferate, it will be incumbent on the U.S. to continually improve its cyber posture.” And while the Dyn attacks proved to be just a minor nuisance to social media users, “There are significantly more sinister possible outcomes of major DDoS attacks on critical government networks, especially those of the U.S. Department of Defense (DOD).”

And while the Dyn attacks were ostensibly at attack on consumer-level services, TBRI asserts they also demonstrate the potential danger to U.S. national security, for which uninterrupted communications are a critical element. The report states, “Federal contractors with deep cyber portfolios will benefit from the imperative on government to bolster cyber defenses.”