As you have probably read—and may have directly experienced—there were major Internet outages on Friday, October 21, caused by a distributed denial of service (DDoS) attack on Dyn’s Managed DNS Infrastructure.
That infrastructure provides Domain Name System (DNS) management for Web sites around the world, including some of the most popular, which is why those sites were inaccessible during the attack.
The next day, a statement was issued by Dyn regarding the attack and its aftermath.
What Dyn CSO Kyle York knew as of October 22:
“At this point we know this was a sophisticated, highly distributed attack involving tens of millions of IP addresses….The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm…that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed tens of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
Others have already begun trying to work out who may be responsible and what their motivations were.
LANDESK experts weigh in
Meanwhile, here’s what some of our security-minded experts, including Chief Security Officer Phil Richards, VP of Engineering Rob Juncker, Principal Product Manager Eran Livne, and Senior Product Manager Chris Goettl, know and recommend:
- Friday’s DDoS attack on Dyn was carried out with Mirai and variants of Mirai, readily available, “off-the-shelf” malware.
- The attack succeeded largely by enslaving very large numbers of Internet-connected devices, mostly residential/consumer ones, from Webcams to “smart home” accessories, as well as poorly protected computers.
- Those “Internet of Things” (IoT) devices were and are particularly vulnerable because many if not most come with default passwords users can’t change. (Some manufacturers have already announced recalls of compromised devices.)
- Enterprise IT leaders and teams can’t do much about residential IoT devices. But they should treat the attack as a reminder and a warning that they need strong passwords on every connected device whose password can be changed. IT also needs to implement tools and processes that help it detect, prevent, and remediate malware, to keep the enterprise’s computers from becoming botnet slaves.
LANDESK Password Central enables users to recover, reset, and synchronize their own passwords with no IT intervention required. The solution also ensures that passwords comply with company-defined policies and are strong enough to provide adequate protection.
LANDESK Security Suite includes multiple features designed to improve detection, prevention, and remediation of malware. And there are several other LANDESK, AppSense, and Shavlik solutions that can increase and improve patch management of client and server operating systems, virtual infrastructures, and third-party applications.
Visit LANDESK online, or talk with your LANDESK, AppSense, or Shavlik representative today. Together, we can help to ensure that your enterprise is as protected as possible from future attacks—even those that aren’t targeted directly at your enterprise.