Unprotected IoT devices killed the US Internet for hours

A massive distributed denial-of-service attack has crippled a large part of the US Internet for hours on Friday. The attack – targeted at DNS provider Dyn – has rendered extremely popular Internet services such as Twitter, Netflix, Github and Spotify unreachable for customers in the United States. Along with these, six percent of the US Fortune 500 corporations have suffered various outages resulted from loss of DNS resolution.

The outage seems to have been caused by a botnet of compromised smart things that had been instructed to perform repeated requests on the Dyn infrastructure. In September, a team of hackers have open-sourced a piece of malware able to infect and control generic IoT devices. Dubbed Mirai, this bot takes advantage of unsecured Telnet services running on IoT devices and control them in coordinated DDoS attacks. This bot can now be used by anyone to target smart things and harness their power for coordinated DDoS attacks.

Bitdefender’s internal telemetry on IoT devices shows that almost 2% of smart devices have weak or no passwords for Telnet. While the number might sound diminutive, they become a lot scarier when put into perspective. According to analysis firm Gartner, there are 6.4 billion IoT devices running in the world. Two percent of these 6.4 billion devices translate into roughly 128 million potential bots that could knock offline any service on the Internet.

Threats that loom over the IoT space are much more diverse than what made the Mirai botnet possible. Bitdefender’s threat intelligence on smart things show that Internet-connected printers, NAS devices and routers dominate the vulnerability top. 65.9% of these vulnerabilities identified in IoT devices are known and could be plugged, but they are still present because either there is no fix from the vendor, or the user failed to install it.

What is DNS and why is it important?

DNS (short for Domain Name System) is a core service on the Internet that translates domain names into IP addresses. It works similarly to a telephone book: when someone wants to reach a person, they look up that person in the phone directory, get their phone number, and then call them. When the DNS system is unavailable, users can no longer access the services they want, even if these services are functioning normally.

DDoS attacks are becoming the new normal

Yesterday’s distributed denial of service attack against Dyn is the third one in a series of extremely devastating attempts at knocking Internet infrastructures offline in less than a month. In late September, the website of tech journalist Brian Krebs was hit with a 620 Gbps DDoS attack, marking world’s biggest attack of its kind. Days after, French Internet service provider OVH has faced a similar attack, but this time peaking at 1 Tbps. Yesterday’s attack against Dyn has reportedly leveraged 1.2 Tbps of junk traffic setting a new global record.
Harnessing that much traffic would normally be impossible for “legacy” botnet operators that rely on infected computers to send traffic to their victims. However, by adding compromised IoT devices such as printers, smart light bulbs, NAS devices or thermostats to the botnet, hackers can now leverage so much traffic that they can actually target core services of the Internet and knock them offline.

Stay safe to keep the others safe, too

Yesterday’s attack has demonstrated once again how fragile the Internet has become after the IoT boom. According to a tweet released by hacker group New World Hackers, who actually claimed the incident, this was nothing more than a test and something worse is looming over the Internet.
The smart devices that power your household can now be abused by the bad guys to arbitrarily restrict access to the services that you rely on. The more unprotected devices in your household, the more damage hackers can inflict to others. IoT security has become a matter of web hygiene, just as antimalware is to computers, laptops and tablets.

First of its kind, Bitdefender BOX is a complete security solution engineered to protect smart devices against malicious attacks coming from the Internet. The unique built-in Vulnerability Assessment module performs regular scans on your network and prompts the administrator every time it identifies a vulnerability or misconfiguration that can be exploited.
Always remember that security is a collective effort. By keeping your devices secure, you ensure that they are operating properly and that they don’t become a threat to someone else’s digital world.