For a few hours yesterday, many Internet users on the East Coast of the United States were unable to access some of the most popular destinations on the Internet, including Amazon, Twitter, Spotify, Netflix and PayPal, as a result of a massive Distributed Denial of Service (DDoS) attack on Dyn, a prominent Domain Name System (DNS) provider that hosts the attacked companies’ websites. Domain Name System providers permit you to type in a simple web address such as anycompany.com, which then gets translated into the long, complicated numeric Internet address of the company and connects you to their website. A DDoS attack occurs when the DNS provider gets flooded with an overwhelming amount of traffic, which causes the website to shut down. Often the traffic comes from an army of botnet computers, which are computers of unsuspecting people that have become infected and can be remotely used to send the huge amounts of communications necessary to cause a DDoS. This problem has become magnified as cybercriminals infiltrate and incorporate into their botnets not just computers, but also the myriad devices that make up the burgeoning Internet of Things. Anything that is connected to the Internet can be hacked and made a part of a botnet. Too often, the devices that make up the Internet of Things are poorly protected with weak passwords and are easily hacked.
While this particular DDoS was remedied after a few hours, the threat of DDoS attacks continues to increase. Banks and other financial institutions have found themselves particularly targeted in the last year by DDoS attacks. The potential for major disruption of the Internet by DDoS attacks is significant.
There is nothing that we as consumers can do to stop DDoS attacks other than to maintain the security of our own computers and devices connected to the Internet to keep them from becoming a part of a botnet. There are, however, a number of steps that companies should be taking to protect themselves from future DDoS attacks in addition to the regular firewalls and routers configured as best they can be to reject malicious traffic. These include the use of load balancers to spread traffic across multiple servers within a network, creating additional capacity to handle the traffic, as well as cloud-based programs to identify and divert malicious traffic.
Already we have seen the threat of DDoS attacks used to extort money from companies. The threat that DDoS attacks pose is increased because cybercriminals are now selling the malware necessary to carry out such attacks on the Dark Web, which is that part of the Internet where cybercriminals do business. In addition, cybercriminals can rent the use of botnets on the Dark Web to assist them in carrying out their crimes.