On October 21st, many people had trouble accessing dozens of popular websites and services as a result of a distributed denial-of-service (DDoS) attack that targeted Dyn, a major Domain Name System (DNS) hosting service. In this news brief we'll address what DDoS attacks may mean to you and what you should do.
DDoS attacks aren't new. They have been a plague on the Internet for a very long time.
Let's start with some definitions. In a denial-of-service (DoS) attack, a flood of bogus traffic is sent to a target website or service which overloads the system and prevents legitimate traffic from getting through. In a distributed DoS attack, the bogus traffic is sent from hundreds or thousands of Internet-connected devices. A DNS hosting service takes the human-readable names of websites and translates them to their numerical Internet protocol (IP) address. Even though there are many DNS hosting services, Dyn is used by many popular sites. The Internet of Things (IoT) describes the capability of everyday devices to connect to other devices and to people through the Internet. These devices include thermostats, activity trackers, light bulbs, refrigerators, coffee makers, baby monitors, televisions, door locks, security cameras, digital video recorders, and many other devices.
DDoS attacks aren't new. They have been a plague on the Internet for a very long time. What is concerning about the Dyn and other recent attacks is the amount of traffic that is being generated and the number of devices being used.
The extremely large number of IoT devices makes them a perfect target for hackers. Some malware used for the recent DDoS attacks search the Internet for unprotected IoT devices that it can use. Unprotected devices include those whose passwords weren't changed from the factory default. Hacked IoT devices tend to continue working with no indication that they've been compromised.
What You Can Do to Make a Difference
As members of the world-wide Internet community we all need to do our part to protect it and ourselves. Here's what you should do.
Secure your Wi-Fi router and Smart Home hub. Take advantage of all the security features provided by the router/hub including protecting it with a password. Require a password for every device to connect to it and if possible use a different password for each device. You also need to check regularly for security updates.
Secure all of your Internet-connected and Internet-capable devices. Again, take advantage of all the security features provided. Change the default passwords. By making sure every device is secure, you will help prevent a hacker from using the device or from accessing other devices through it.
Limit access to your home network. If a device only needs access to the Internet, don't allow it to talk to other devices on your network. If the device can't communicate with the other devices on the network then if the device is compromised it won't provide access to your personal and financial information stored on other devices.
Check the security settings and permissions of all apps. You want to be able to control features and information collection that could impact the security of your device and access to your personal and financial information. Recheck after updates are made.
Install updates. Keeping your devices and apps up to date, especially with security updates, can help keep your devices and your personal information secure.
Does the device need to connect? Even though a device may have the capability of connecting to the Internet, it doesn't have to connect. If you don't plan to use its Internet connectivity, then don't set it up or disable it.
While regularly checking the security of your devices can be a pain, the peace of mind knowing that you are protecting your personal and financial information is worth it.