Last year's big DDoS attacks were only the beginning

By

[Blog post] Krebs, Dyn, Lloyds ... and more to come.

All signs point towards the recent trend of high-profile DDoS attacks being a warning of what we should be bracing for this year. 

Last year's big DDoS attacks were only the beginning

It's barely only just 2017, and today Lloyds Bank became the third in just months to admit that service issues its customers experienced two weeks ago were the result of a two day-long DDoS attack.

The October attack on Dyn last year made headlines because it affected many of the web’s biggest brands, with services such as Airbnb, Amazon, GitHub, Spotify, Tumblr, and Xbox Live taken offline for significant periods of time.

It was preceded in September by another high-profile attack: the huge flood of traffic directed to journalist Brian Krebs' site.

These attacks are a big concern for all web-centric businesses, especially now that the source code for the Mirai botnet - which was behind the Dyn and Krebs attacks, and utilises a plethora of easily exploited internet of things devices - has been published online.

This source code release - published by the perpetrator of the Krebs attack, dubbed "Anna Senpai" - means anyone with a bit of technical knowledge has an easy weapon, as already seen through subsequent copycat attacks against services like UK telco TalkTalk and the UK Post Office.

Krebs has spent the months following the attack on his site working relentlessly to figure out who’s behind Mirai. 

His investigation took him into Microsoft’s online Minecraft community, where he unearthed clues to Anna Senpai's real identity.

Krebs found that Mirai heralds from a group of "internet hooligans” calling themselves Leldos, who run a DDoS for hire service.

Lelddos has apparently been targeting lucrative Minecraft servers for the past few years, prompting some of the most profitable Minecraft operators to turn to organisations like ProxyPipe for server DDoS protection.

But ProxyPipe was also hit by a massive DDoS attack in 2015, launched from a botnet of IoT devices, such as web cameras – sounds familiar, right? ProxyPipe’s CEO Robert Coelh alleged that these attacks came from a competing security firm that also provides DDoS protection for Minecraft servers. 

It's an intruiging, convoluted tale of rivalry, one-upmanship, and extortion that has involved Dyn, Krebs, and ProxyPipe directly, making it clear why those three were targets of DDoS attack.

We know that the hacker’s arsenal is continually in development, but this story demonstrates the extreme lengths that some will go to take a pot shot at your organisation.

DDoS attacks like the above are only expected to grow: Akamai's state of the internet security report for Q3 last year revealed a 125 percent year-on-year increase in these types of attacks [pdf] - and that's without even taking into account the publication of the Mirai source code.

Clearly only time will tell what the real impact of Mirai is, but the poor security of IoT devices suggests it's not going anywhere any time soon.

If your systems are exposed to the internet, you are a target. Krebs' investigation is a great case study to help communicate your concerns to the board and get your executives understanding that investing in security controls isn't optional: it's what your business needs to stay alive.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:
Tony Campbell
Tony Campbell has been a technology and security professional for over two decades, during which time he has worked on dozens of large-scale enterprise security projects, published technical books and worked as a technical editor for Apress Inc.

He was was the co-founder of Digital Forensics Magazine prior to developing security training courses for infosec skills.

He now lives and works in Perth, where he maintains a security consulting role with Kinetic IT while continuing to develop training material and working on fiction in his limited spare time.

Read more from this blog: Unpatched

Most Read Articles

Services Australia's sweeping security uplift plans for myGov

Services Australia's sweeping security uplift plans for myGov

Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach

Northern Beaches Council reviews security stack to shore up widening perimeter

Northern Beaches Council reviews security stack to shore up widening perimeter

CrowdStrike rejects Delta Air Lines claims over outage

CrowdStrike rejects Delta Air Lines claims over outage

Log In

  |  Forgot your password?