The distributed denial of service (DDoS) attack on Oct. 21 prevented access to major websites and services, including Twitter, Netflix, Reddit, CNN, sites based in Europe and hundreds more.
This DDoS attack, the largest known to date, was accomplished by directing millions of internet-connected devices around the world to simultaneously send data to major domain name system (DNS) provider Dyn. Dyn serves as a directory for the internet. When you type “CNN.com” into your browser, it sends “cnn.com” to the DNS provider, which directs your browser to the specific internet protocol (IP) address of the CNN servers. With this directory flooded, internet users could not be directed to the websites they requested and were effectively denied service.
Many of the attacking devices were internet-connected webcams and video recorders. Vulnerabilities in the devices’ software allowed hackers to leverage malware called Mirai to take control of the devices and form a huge “botnet,” a combination of “robot” and “network,” to launch the DDoS attack.
Although the attack appeared to be regionally isolated to infrastructure on the East Coast of the U.S., it affected services worldwide. International businesses like Netflix were affected, as were Hawaii businesses that relied on cloud services hosted on the mainland. As more local businesses leverage cloud-based services hosted on the mainland and elsewhere, they are increasingly affected by these types of worldwide attacks.
Here are some action items to help mitigate the effects that the next global DDoS attack could have on your business:
>> Take inventory of your internet-based applications and services that rely on connectivity to resources outside Hawaii. Ask the service providers about their DDoS contingency plans, and adjust your plans accordingly. For example, how would you continue to use their service if their data centers were inaccessible?
>> Assess the impact on your business if you lost internet service to the mainland. How much money would you lose in the first 24 to 48 hours? Are there Hawaii-based services available that you could use instead? How would you continue to run your business? How would you complete business transactions if service was disrupted? How would you deal with new transactions during the outage?
>> Make sure you maintain backup copies, in a geo-diverse location, of all critical information that’s stored on mainland data servers. If feasible, make periodic copies that you can securely store on your own infrastructure or at a local data center so that you can still get access when you need it.
>> Develop a communications plan for your customers and employees. How would your customers reach you, and how do you let them know about the alternate means of communications? How will you communicate with your employees, and what are their priorities when mainland-based applications are down?
>> Continue to implement good security on your information technology infrastructure. If you use internet-connected devices such as webcams and video recorders, make sure you protect them from being hacked. In addition, secure them with strong passwords and keep them up to date with the latest software patches.
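As an added example (not part of the original column), a small inventory script for the first action item above: it flags domains whose authoritative DNS sits entirely with one provider, the kind of dependency that left sites reached through the flooded directory unreachable. The nameserver data is constructed sample input, and grouping nameservers into providers by their last two labels is an assumption, not a rule.

```python
"""Inventory check for DNS-provider concentration across externally hosted services.

Added example, not from the original column. Every domain whose authoritative
nameservers all belong to one provider loses name resolution when that provider
is flooded. SAMPLE_INVENTORY is constructed data; in practice, populate it from
the NS records of each service your business depends on.
"""
from collections import defaultdict

# Constructed inventory: service domain -> authoritative nameserver hostnames.
SAMPLE_INVENTORY = {
    "payroll.example": ["ns1.dns-provider-a.example.", "ns2.dns-provider-a.example."],
    "shop.example": ["ns1.dns-provider-a.example.", "ns1.dns-provider-b.example."],
    "mail.example": ["ns1.dns-provider-c.example.", "ns2.dns-provider-c.example."],
}


def provider_of(ns_host: str) -> str:
    """Approximate the operating provider by the nameserver's last two labels.

    Heuristic only (assumption): it misgroups two-level public suffixes such as co.uk.
    """
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def single_provider_domains(inventory):
    """Return {domain: provider} for domains whose every nameserver is at one provider."""
    at_risk = {}
    for domain, nameservers in inventory.items():
        providers = {provider_of(ns) for ns in nameservers}
        if len(providers) == 1:
            at_risk[domain] = providers.pop()
    return at_risk


def shared_dependency(inventory):
    """Return {provider: [domains]} showing how much of the business one outage would affect."""
    dependency = defaultdict(list)
    for domain, nameservers in inventory.items():
        for provider in {provider_of(ns) for ns in nameservers}:
            dependency[provider].append(domain)
    return {provider: sorted(domains) for provider, domains in dependency.items()}


if __name__ == "__main__":
    for domain, provider in single_provider_domains(SAMPLE_INVENTORY).items():
        print(f"{domain}: all nameservers at {provider}; add a second provider or plan for an outage")
    for provider, domains in shared_dependency(SAMPLE_INVENTORY).items():
        print(f"{provider}: {len(domains)} domain(s) depend on it: {', '.join(domains)}")
```

Domains flagged by the first function are the ones to raise with the service provider when asking about DDoS contingency plans.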
During these massive attacks, the large service providers you rely on will understandably prioritize restoring services to their largest customers first. Therefore, it is prudent for small businesses in Hawaii to make contingency plans for longer outages during a DDoS attack on one of their service providers. As my mom always said, “An ounce of prevention is worth a pound of cure.”
Michael Miranda, director of information security at Hawaiian Telcom, holds current Global Information Assurance Certification (GIAC) credentials as a Systems and Network Auditor (GSNA), Certified Intrusion Analyst (GCIA) and Certified Forensic Analyst (GCFA). Reach him at michael.miranda@hawaiiantel.com.