Friday, October 21, was not the best day ever for internet users on America’s East Coast. A DDoS attack affected many websites, including prominent websites such as Twitter, Spotify, Netflix, GitHub, Amazon, Reddit, and Airnb.
Internet issues plagued many users on October 21.
What is a DDoS attack, and how did it take out so many websites? Time.com explains: “The problem seems to be due to a Distributed Denial of Service (DDoS) attack against Dyn, which provides Domain Name Service infrastructure to a variety of major Internet brands. DDoS attacks involve sending a flood of bogus internet traffic toward a target in hopes of overloading it and knocking it offline. DNS acts as a kind of phone book for the internet, helping your internet browser take ‘www.time.com,’ for instance, and retrieve TIME’s website.”
Dyn was hit by several waves of DDoS attacked on October 21, effectively slowing internet traffic to a standstill for many users.
What Does Internet of Things (IoT) Have to Do with It?
Surprisingly, some of the issue appears to have come from “smart” devices. The Verge reports:
“Details are now emerging about the nature of the attack. It appears the cause is what’s known as a Mirai-based IoT botnet, according to security journalist Brian Krebs, who cited cyber-threat intelligence firm Flashpoint. Dyn’s chief strategy officer Kyle Owen…later confirmed Flashpoint’s claim, revealing that traffic to its servers was clogged with malicious requests from tens of millions of IP addresses in what the company is calling a “very sophisticated and complex attack.”
Mirai is a piece of malware that scans the internet in search of vulnerabilities in IoT devices. When it finds a vulnerability, it essentially takes control of the device, turning it into a bot that can be deployed as part of a multi-pronged attack used to overload networks and servers with requests that ultimately disable or shut down the system.
Sometimes, such bots may target a particular website, affecting only its visitors. But the October 21 attack was much more impactful because it targeted Dyn, which manages a DNS service that serves as an essential piece of online infrastructure for the U.S. By targeting Dyn’s DNS, the malicious attack impacted multiple websites without having to target them individually.
This caught the attention of the Department of Homeland Security because attacks like this could seriously impact the entire country as smart devices continue to proliferate. It is no secret that in the next few months, millions more IoT devices are likely to be sold and plugged in as the holidays roll around. Some analysts wonder if the October 21 attack was a dress rehearsal for a larger-scale DDoS attack in the next few months.
Lesson from October 21: Secure your smart devices.
Kigo Vacation Rental Listing Site Partners Meet the Challenge
Despite multiple waves of attacks, Kigo listing partners affected (such as Airbnb) were operating smoothly again in a matter of hours.
While the attacks were inconvenient, they do underscore an important lesson for all to learn. When using IoT devices, it is important to decrease their vulnerability to attack by using best practices regarding passwords and authorizations.
If you found this article informative, you will love our Kigo blog. Check out all our great resources for vacation rental managers today!