Dyn DDoS – what can we do right now to help prevent the next attack?

allheart55 (Cindy E)



The digital dust has settled, for now at least, on last week’s Distributed Denial of Service (DDoS) attack against DNS service provider Dyn.

Some of the rumors we’ve heard for attack on Dyn include:

  • The DDoS was an experiment to see how big an attack could be if the crooks really wanted.
  • The DDoS was a practice session for an attack on the forthcoming US election.
  • The DDoS was a show of strength, in case Julian Assange of Wikileaks turned out to be dead.
So far, however, the most likely explanation we’re aware of is that Dyn recently published an article about the risk of DDoS to service providers.

The article dealt with the extent to which an open-source DDoS attack tool called Mirai was involved, and how to work against this sort of attack in the future.

If the name Mirai rings a bell, we wrote about it just two weeks ago after a similarly-huge DDoS attack on well-known cybercrime journalist Brian Krebs.

Krebs, in turn, seems to have been attacked because he was involved in an exposé that led to the arrest of two young DDoS-for-hire hackers from Israel.

In short, this may very well boil down to a series of “tit-for-tat” salvos launched by the DDoS crooks.

In other words, for all the deeply sinister explanations you can come up with for the attacks on Dyn, there’s an underlying and prosaic reason why cybercrooks carry out DDoSes of this scale:

Q. Why do cybercrooks carry out DDoSes of this scale?

A. Because they can.

Unfortunately, one of the main reasons why the crooks are able to carry out such ambitious attacks is equally simply expressed:

Q. How is it that crooks are able to carry out such ambitious attacks?

A. Because we let them.

In the case of the Mirai attack tool mentioned above, the DDoS malware runs on unsecured Internet of Things (IoT) devices, from cameras and printers to routers and modems – devices that many people don’t even realise can contribute to cybercrime.

Worse still, while the Mirai malware is busy with attack X, it’s also automatically scanning the internet looking for the next wave of insecure devices that can be used for attack X+1.

Unlike old-school viruses and network worms, which looked for potential new victims and infected them automatically, Mirai plays a more secretive hand. It quietly reports its new list of potential victims back to the crooks, leaving infection until later. It therefore keeps a lower online profile than if it spread as far as possible and as quickly as it could.

It’s not just DDoS attacks from IoT devices that we have to worry about, by the way.

A significant proportion of the many websites that act as malware distribution servers used to attack Windows computers are otherwise-legitimate websites that have been hacked because they were unpatched or otherwise ill-secured.


And a significant proportion of the spam that we see comes from regular computers that are infected with zombie malware that allows crooks to spew out spam at will.

These three sorts of cyberattack share several worrying characteristics:

  • They give the crooks free bandwidth for their cybercrimes.
  • They divert the blame onto the wrong people.
  • They are hard to disrupt because they come from so many sources at the same time.
  • They seem innocent because they come from devices with no obvious criminal connection.
  • They can often be run again and again because just removing the malware is not enough.
Finding the Mirai malware on your home router, for example, soothes but does not sort out the problem: if you simply delete the malware and do nothing more, the crooks will soon find you again and co-opt you back into their arsenal.

You need to close the door on the crooks on a more permanent basis whenever you can.

And why not do so right now, given that we’re in the last week of Cybersecurity Awareness Month!

What to do?

Here are some simple and general security tasks you can carry out at home (or at work!) to make life harder for the crooks:

  • Patch early, patch often. If your router has a firmware update available, install it now. If you have fallen behind on operating system updates, consider activating fully automatic updates so you won’t forget again. A hole that could be patched is a hole that should be patched.
  • Turn off remote access to your IoT devices if you can. Some connected devices let outsiders login by default, which is handy for troubleshooting but even handier for crooks. If the device lets you restrict access to your local network only, make sure that option is turned on.
  • Change all device passwords so you don’t have any defaults. Many devices come preconfigured with usernames and passwords such as root/root or admin/admin that can be found with a search engine. A default password is as bad as no password.
  • When you acquire a new device, research it online before you make it live. If there are security patches available, apply them first. If there are risky settings you can turn off, do that up front. Even if it’s a gift, don’t feel pressurized into connecting it up right away.
  • Learn how to scan your own network for security holes. Tools such as Nmap can help you find holes before the crooks do. It’s legal to probe your own network, so you may as well find out if there are any obvious problems first. (If you already know how to do this, why not help your friends as your contribution to #NCSAM?)
  • Consider trying an industrial-strength home firewall. For example, Sophos Firewall Home Edition is 100% free. You’ll need a spare computer and some technical savvy (or a friend with the savvy) to set it up, but you’ll end up with all the features of our commercial product, and it will keep itself up-to-date with protection against the latest threats.
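As an added example, not part of the article and not a Sophos or Nmap tool: the Nmap bullet above suggests scanning your own network, and the two bullets before it ask you to turn off remote access and get rid of default passwords. This Python script ties the three together. It parses the grepable output of a scan you have already run against your own LAN (for example `nmap -sV -oG scan.gnmap 192.168.1.0/24`) and lists every device with an open remote-management service (telnet, SSH, web admin page, UPnP), so you can work through the "restrict to local network" and "change the default password" tasks device by device. The embedded scan output is constructed for the example, and the list of services and the advice strings are the example's own assumptions.

```python
import re
import sys
from dataclasses import dataclass

# Services that mean "someone can log in to or reconfigure this device over the
# network".  The mapping and the advice text are assumptions made for this
# example; they are not taken from the article.
REMOTE_MGMT = {
    "telnet": "cleartext login; disable it, or block it at the router",
    "ssh":    "remote shell; keep it LAN-only and replace any default password",
    "http":   "web admin page; restrict to LAN and change the default password",
    "https":  "web admin page; restrict to LAN and change the default password",
    "upnp":   "UPnP; turn it off unless something on the LAN really needs it",
}

# Constructed sample of `nmap -sV -oG -` output for a small home network.
# Fields on a line are tab-separated; each port entry is
# port/state/proto/owner/service/rpcinfo/version/
SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -sV -oG - 192.168.1.0/24
Host: 192.168.1.1 (router.lan)\tStatus: Up
Host: 192.168.1.1 (router.lan)\tPorts: 22/open/tcp//ssh//Dropbear sshd/, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (997)
Host: 192.168.1.23 (ipcam.lan)\tStatus: Up
Host: 192.168.1.23 (ipcam.lan)\tPorts: 23/open/tcp//telnet//BusyBox telnetd/, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.168.1.50 (laptop.lan)\tStatus: Up
Host: 192.168.1.50 (laptop.lan)\tPorts: 22/closed/tcp//ssh///\tIgnored State: filtered (999)
"""


@dataclass(frozen=True)
class Port:
    number: int
    state: str
    proto: str
    service: str
    version: str


@dataclass(frozen=True)
class Finding:
    host: str
    name: str
    port: int
    service: str
    advice: str


def parse_gnmap(text):
    """Parse nmap -oG output into {ip: (hostname, [Port, ...])}."""
    hosts = {}
    for line in text.splitlines():
        # Only "Host:" lines that carry a "Ports:" field describe open services.
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        m = re.match(r"(\S+) \((.*)\)", fields["Host"])
        ip, name = m.group(1), m.group(2)
        ports = []
        for entry in fields["Ports"].split(", "):
            parts = entry.split("/")
            ports.append(Port(int(parts[0]), parts[1], parts[2], parts[4], parts[6]))
        hosts[ip] = (name, ports)
    return hosts


def find_exposed(hosts):
    """Return one Finding per open port that offers remote management."""
    findings = []
    for ip, (name, ports) in hosts.items():
        for p in ports:
            if p.state == "open" and p.service in REMOTE_MGMT:
                findings.append(Finding(ip, name, p.number, p.service, REMOTE_MGMT[p.service]))
    return findings


def report(findings):
    """Format findings as one line per exposed service, worst (telnet) first."""
    order = sorted(findings, key=lambda f: (f.service != "telnet", f.host, f.port))
    return [f"{f.host} ({f.name or '?'}) tcp/{f.port} {f.service}: {f.advice}" for f in order]


def main():
    # Usage: python audit.py scan.gnmap   (falls back to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GNMAP
    for line in report(find_exposed(parse_gnmap(text))):
        print(line)


if __name__ == "__main__":
    main()
```

Run it against the file written by `nmap -oG`, and treat every line it prints as a to-do item: either the service should not be reachable at all, or it should be limited to the local network and protected by a password you chose. A closed or filtered port, like the laptop's SSH in the sample, is deliberately not reported.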
Remember, when it comes to DDoS bots, spam zombies, unpatched servers and even to shabby passwords…

…if you aren’t part of the solution, you’re part of the problem.

Source: Sophos