Last week’s Distributed Denial of Service (DDOS) attack that took down Twitter, Pinterest, Netflix and many other major web sites was unique for its breadth of targets.
“This is cyber Pearl Harbor,” said Philip Lieberman, President and CEO of Lieberman Software. “This is the first time we’ve ever seen a general attack that affects everybody.” (See the CBS Los Angeles news broadcast below to watch Lieberman’s comments on this cyber attack).
The DDOS attack on DNS provider Dyn began early Friday morning and continued in multiple waves throughout the day. Dyn provides Internet services to approximately 6% of Fortune 500 companies.
According to a Dyn statement, the attack involved “10s of millions of IP addresses,” including many devices infected with the Mirai botnet.
CBS Los Angeles – Cyberattack On Internet Firm Brings Down Major Sites, Including Twitter, Netflix, Visa
The IoT Vulnerability
Today, SC Magazine called this attack a wake up call for the Internet of Things (IoT) industry. This comes, the article states, “after years of warnings – mostly ignored – about the glaring vulnerabilities in IoT devices.”
One of the most severe vulnerabilities of IoT devices involves default passwords. IoT devices are generally set with a built in password. Often these devices are deployed without changing the password. In those cases, hackers can use the well known default passwords to access and take over the devices.
A Dyn spokesman said the company has still not heard from attackers and does not know who they are. The US Department of Homeland Security is investigating the attack.
For now, we’ll just have to see if the Dyn DDOS attack serves as a blueprint for similar incidents.