The Lesson from the Dyn DDoS Attack

Sam Bloedow
letters DDOS on top of binary code DDoS attack

A vital piece of internet infrastructure was attacked on October 21, resulting in many popular websites like Amazon, Twitter, BaseCamp and Paypal being unavailable for a time. The incident happened as millions of enslaved computer devices flooded the Doman Name System (DNS) provider, Dyn, with a Distributed Denial of Service (DDoS) attack by throwing so much traffic at it from so many sources that it was forced to shut down.

Watch: The Business Leader's Role in Cybersecurity for the Modern Workplace

When you go to a web address by typing a URL into your browser or clicking on a link, you are not taken immediately to that website. On the way to your requested page, the letters in the URL have to be translated to a specific internet address made up of numbers, which is the job of the DNS provider. By attacking the DNS host, this DDoS attack reached out to many websites at once by focusing on one mechanism that makes the internet work.

The sheer number of requests or traffic directed at the website or hosting provider causes a DDoS attack to be successful. Reports from TechCrunch indicate that security cameras, DVRs and webcams were part of the army of devices that took part in the Dyn attack. Devices like these are considered part of the Internet of Things (IoT). Each one has its own IP address, and if vulnerabilities exist in its software or security perimeter, they can be exploited and enslaved into a botnet army that marches to the orders of a cybercriminal general, all unbeknownst to their owners.

The Dyn cyberattack shows us that our business technology can be vulnerable to incidents outside our company perimeter. It also reminds us that every device connected to our network needs to be protected. While we cannot control the mechanism of the internet, we can be proactive about how we approach security and plan for potential business degradations due to cyber attacks.

Cybersecurity aims not just to repel attacks but to become resilient. When cybercriminals seek to disrupt how we conduct business, resilience is how we manage the business impact of any incident that might occur, including those incidents that happen outside the walls of our own companies.

The Lesson from the Dyn DDoS Attack

STAY UP TO DATE

Subscribe to our email updates

STAY UP TO DATE

Subscribe to our email updates