On Friday, Oct. 21, the largest, widespread internet outage took place. Users from the East Coast to the West Coast of the U.S. experienced problems accessing some of the most popular websites throughout the day, including Netflix, Twitter, The New York Times, Spotify, CNN, and Airbnb. It’s the single largest internet outage that most of us have experienced, and we are just beginning to unearth what this means for the future of cybersecurity, the internet as we know it, and the Internet of Things (IoT).
Numerous groups have already claimed responsibility for the attack, like WikiLeaks members and the infamous Anonymous hacker group. However, the real culprit behind the attack is still unknown. Due to the scale and location of the internet outage, as shown in the map above, it’s safe to assume that whoever did it was specifically targeting the U.S. How was the attack executed in the first place? And why does it matter to your business? Let’s take a look.
How The Internet Outage of 2016 Happened:
The true culprit, or at least the devices that helped complete the attack, might be in your own home. It was discovered that millions of IoT devices, mostly DVRs and webcams, made by Chinese manufacturer Hangzhou XiongMai Technology were infected with Mirai, a malware strain. These devices were then used in what’s known as a distributed denial-of-service (DDoS) attack on a Domain Name System (DNS) services, Dyn Inc.
The important thing to note is who the attack was meant for, which is Dyn Inc. Dyn Inc. and other DNS providers act as a GPS for users accessing the internet. You type in the website address you want to visit, and they find the corresponding IP address, which brings the website directly to your screen. DDoS attacks often do not have monetary motivations, but instead are often used to try and censor certain websites by overwhelming them with traffic and crashing them. But, by directly attacking Dyn, the hackers were able to overwhelm the directory feature and create mass outages and loading problems across the internet. Thus, censoring a large part of the population from numerous popular websites, including major news websites.
Why It Matters:
The internet outage of 2016 is significant for several reasons. It proved how vulnerable IoT devices really are when it comes to cybersecurity and highlighted the fact that this problem is worsening. More and more manufacturers are creating IoT devices every day while overlooking any security concerns these devices may pose. Dave Palmer, director of technology at U.K. cybersecurity company Darktrace, affirmed the outage was a result of
Dave Palmer, director of technology at U.K. cybersecurity company Darktrace, affirmed the outage was a result of unsecured IoT devices when he said, “This is exactly what happens when tens of thousands or hundreds of thousands of devices are left unprotected,” according to Bloomberg. Until manufacturers and producers of IoT devices are pressured or forced to ensure the security of their devices, they will continue to make them as they are. Which at their current level are extremely vulnerable and susceptible to malware or other types of attacks that lead to national or global outages like the one we just experienced.
The outage also proved the vulnerability of the internet itself. Although nothing seems to have been stolen in this massive hack, it’s important to note that Amazon’s Web Services (AWS), a major cloud provider for numerous businesses, was also one of the website’s targeted. If hackers were able to shut down major websites like AWS, where a plethora of sensitive data is stored, then it’s only a matter of time before widespread internet outages like the one seen last week become commonplace, especially given the rising proliferation of IoT devices. And, worse than that, instead of simple disruptions in internet service, the attacks will begin to yield rewards to the hackers, like usernames, passwords, credit card info, business bank account numbers, and more.
Technology is advancing faster than we are capable of securing it. IoT devices are hitting the market before they are fully secured, which allows them to act as building blocks for hackers to enhance and enlarge the scale of their attacks. Now more than ever before it’s crucial to have internal cybersecurity and IoT experts that can guarantee the cybersecurity of your business. Forward-thinking companies have already begun to hire Cybersecurity Engineers to help identify any potential threats before they attack, as well as IoT Software Developers so they can ensure they are building and implementing secure IoT software on their various devices and products.
If you lack the cybersecurity or IoT talent you need to ensure the safety and security of your website and products, contact Mondo today. We’ll match you with the qualified tech talent you desperately need.
Shannon Vize currently works as the Content Writer for Mondo. Shannon authors a majority of the content published by Mondo, in addition to helping create and adjust the content strategy for the Digital Marketing and Tech Staffing Agency. She has been published on various online platforms on subjects ranging from marketing to fashion to social issues.