If you’re located in the Northeastern U.S., you may have noticed many of your favorite websites or web services were unreachable late last week. From Netflix to Spotify, Github to the New York Times, Reddit and Twitter, many of the Internet’s most popular sites were seemingly offline for large swathes of Friday. All the sites came back online within a few hours, but the incident highlighted two troubling developments you should take note of.
For anyone that doesn’t know the background of this particular attack, no systems were actually breached by hackers (at least, there’s no evidence to suggest that as of yet). Passwords weren’t stolen, data wasn’t compromised. Instead, the hackers used a sophisticated distributed denial-of-service attack (DDoS). For some background, see the New York Times write-up from last week. An excerpt:
A distributed denial-of-service attack, or DDoS, occurs when hackers flood the servers that run a target’s site with internet traffic until it stumbles or collapses under the load. Such attacks are common, but there is evidence that they are becoming more powerful, more sophisticated and increasingly aimed at core internet infrastructure providers.
Another excerpt to give you one more piece of context — the attacks focused on a particular company integral to the infrastructure of the web, Dyn:
Dyn is one of many outfits that host the Domain Name System, or DNS, which functions as a switchboard for the internet. The DNS translates user-friendly web addresses like fbi.gov into numerical addresses that allow computers to speak to one another. Without the DNS servers operated by internet service providers, the internet could not operate.
Why is this important beyond giving you news? Because it shows that hacking a specific company for passwords or data is not the only way hackers or nefarious actors can do serious damage to the web as we know it. And, coordinated attacks on the internet’s infrastructure have far wider ranging effects than attacks on a single company or website.
All of this is to say there are many ways your company and data can be put at risk. And, if you’re not giving it your full attention, attacks like these could devastate your company.
The Internet of Things (IoT) has long been hailed as a boon to modern life. Smart refrigerators that can sense what food you have available and pull recipes for you; connected homes that can turn lights off as you move from room to room; smart thermostats that regulate temperature and save power… the list of possible technologies and features is endless. But, as all of those devices come online, it leaves every system that interacts with them more vulnerable.
As the DDoS attack showed, these devices, many of which don’t have the highest grade security baked in, can become infected with malware. This can lead to a number of unintended consequences, but as was seen last week, the millions of devices, all connected to the web, can act as miniature computers making constant requests from an infrastructure provider like Dyn.
By weaponizing huge swathes of the IoT, the hackers tapped into an unused source of overflow web traffic for carrying out a DDoS attack. But, if so many devices were infected, it begs the question: “what else could hackers do with IoT devices?”
Companies and consumers alike need to vet the technology they let into their offices and homes, and IoT devices are no different. How good are their security precautions, really? What’s the level of encryption?
You get the idea.
Security is more important now than ever before. And, as connected devices proliferate, they can be used nefariously without your knowledge or involvement. So, it’s incumbent on you to know how secure the systems you choose to let into your lives actually are, and make your purchasing and installation decisions accordingly.