This past week, a Distributed Denial of Service (DDoS) attack affected the northern region of the United States. A DDoS attack attempts to make online services unavailable by overwhelming one or many targets with traffic, which presents a problem for people hoping to publish and access important information. The attack was aimed at the internet infrastructure service Dyn, which offers DNS services to many prominent websites and has headquarters in the New Hampshire area. Though there have been many attacks prior to this, this one seems to have shaken Dyn's systems in a way they had never experienced before.
The attack was made possible by malware known as the Mirai botnet. The Mirai malware continuously scans the Internet for devices such as DVRs and computer-connected cameras that are still using their default passwords. The devices are then infected and used in botnet attacks. According to an article by the United States Computer Emergency Readiness Team (US-CERT), the Mirai bot uses a short list of 62 common default usernames and passwords to scan for vulnerable devices. Because many of these devices are unsecured or weakly secured, even this short list of default passwords allows the bot to access hundreds of thousands of devices.
While a DDoS attack is generally more of an inconvenience to internet users than a threat, there is potential for information to be collected from an unsecured device. However, you can easily protect yourself and your devices from this type of malware. US-CERT offers a variety of suggestions for protecting devices before they are infected, as well as advice on what to do if they have already been infected.
What you can do
One of the first things to do is make sure all default passwords are changed to strong passwords. Default usernames and passwords for most devices can easily be found on the Internet, which greatly increases the vulnerability of any device still using them. Devices should also be updated with security patches once the patches become available. It is also a good idea to disable Universal Plug and Play (UPnP) on routers and to purchase devices only from companies with a reputation for manufacturing secure devices. Lastly, if a device comes with a default password or an open Wi-Fi connection, consumers should change the password and also change the settings so that it only operates on a home network with a secured Wi-Fi router.
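The checklist above can be applied to a whole household or office at once. The following is an added example, not code from US-CERT or from the original article; the inventory field names and the sample default-credential pairs are constructed for illustration and are not the list Mirai uses.

```python
# Constructed sample of factory-default pairs for illustration only;
# this is NOT the 62-entry list referenced by US-CERT.
SAMPLE_DEFAULTS = {("admin", "admin"), ("root", "root"), ("admin", "password")}

# Constructed inventory; the field names are assumptions of this example.
INVENTORY = [
    {"name": "hall-camera", "kind": "camera", "user": "Admin", "password": "admin",
     "upnp": False, "patch_pending": True, "wifi": "secured"},
    {"name": "home-router", "kind": "router", "user": "owner", "password": "t7#Qz!mW2-pLx9",
     "upnp": True, "patch_pending": False, "wifi": "secured"},
    {"name": "den-dvr", "kind": "dvr", "user": "operator", "password": "V9r$kk2_hT4wQe",
     "upnp": False, "patch_pending": False, "wifi": "secured"},
    {"name": "garage-cam", "kind": "camera", "user": "root", "password": "root",
     "upnp": False, "patch_pending": False, "wifi": "open"},
]

def audit_device(dev, defaults=SAMPLE_DEFAULTS):
    """Return the list of checklist items this device fails."""
    findings = []
    # Usernames are compared case-insensitively; passwords exactly.
    if (dev["user"].lower(), dev["password"]) in defaults:
        findings.append("default-credentials")
    if dev["patch_pending"]:
        findings.append("security-patch-pending")
    # The checklist asks for UPnP to be disabled on routers specifically.
    if dev["kind"] == "router" and dev["upnp"]:
        findings.append("upnp-enabled")
    if dev["wifi"] == "open":
        findings.append("open-wifi")
    return findings

def audit_inventory(inventory, defaults=SAMPLE_DEFAULTS):
    """Map each failing device name to its findings; compliant devices are omitted."""
    report = {}
    for dev in inventory:
        findings = audit_device(dev, defaults)
        if findings:
            report[dev["name"]] = findings
    return report

def remediation_order(report):
    """Devices with default credentials first, then by number of findings."""
    return sorted(report, key=lambda n: ("default-credentials" not in report[n],
                                         -len(report[n]), n))

if __name__ == "__main__":
    report = audit_inventory(INVENTORY)
    for name in remediation_order(report):
        print(f"{name}: {', '.join(report[name])}")
```

Devices that still use a default login are listed first because that is the condition the Mirai scan depends on.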
If your device has unfortunately become infected, immediately disconnect the device from the network. While the device is disconnected from the network and the Internet, perform a reboot. Rebooting the device is vital because Mirai malware exists in dynamic memory, and rebooting clears the malware from the device. Once these steps have been taken, ensure the password for accessing the device is no longer the default password and has been switched to a stronger one. Only after rebooting and changing the password is it safe to reconnect to the network, because the device could quickly be reinfected with the Mirai malware if these important steps are not taken.
Though it may be hard to prevent these attacks from happening, it is very easy to protect yourself and the devices within your household. Now that you have this information on DDoS attacks, on what can be done to prevent them, and on what can be done to reverse the effects of an attack, it is easy to keep your devices from being susceptible to the attacks and the software that causes them.