The 21st of October showed us how vulnerable the world internet infrastructure is and how seriously we should take IoT security. That day, the world experienced major DDoS (distributed denial of service) attack. It targeted domain name system (DNS) services provider Dyn, located in the US.
This attack is considered the biggest one to use the Mirai IoT malware code released at the beginning of October, that allows hackers to hijack IoT devices and use them for DDoS attacks. The malware spreads by scanning the Internet for insecure IoT gadgets protected only with static passwords.
Many web services were compromised by the attack, including major ones like Airbnb, Amazon Web Services, Github, Netflix, The New York Times, PayPal, Reddit, Shopify, Spotify, Twitter, and Vox.
Being a fundamental part of internet networking, the DNS directory system being a target of attack is a huge concern. Thomas Fisher, the global security advocate at Digital Guardian, sees it as another emphasis on how insecure the internet is. The hackers did not just attack certain sites and applications, but a whole DNS provider, which renders this situation especially provocative.
DNS providers delegate security responsibility to the third parties making themselves even more vulnerable, creating even more problems for themselves. This trend leads us to an interesting conclusion: a company should use services of different DNS providers who are more prepared for these kinds of issues.
IoT devices being used as instruments for attacks also shows us how insecure the IoT sphere is. Manufacturers in the field should focus more of their attention and resources towards the security aspects of IoT deployment. However, due to minimal contributions, specialists expect even larger attacks in the future.