Sometimes cyberattacks come from a direction you weren’t really expecting. We all know about threats from ransomware, nation-state actors, industrial espionage, or hacker collectives looking for personally-identifiable information (particularly for credit cards). But we probably weren’t expecting our sites and services to be collateral damage in a small but nasty war in the world of Minecraft gaming server providers.
That’s what seems to be the reason for the rise of the Mirai botnet, and its attacks on the Dyn cloud DNS provider and the French hosting service OVH in October 2016, according to a report by security journalist Brian Krebs. Perhaps best thought of as a digital version of the classic organized crime protection racket, botnets were being used to encourage Minecraft server owners to sign up to the botnet owners’ DDoS protection services.
Using the Mirai botnet- which took advantage of unprotected firmware in certain IoT devices-attackers were able to quickly flood DNS servers, making it impossible for users to contact the services they wanted to use (most of which weren’t Minecraft servers!). The botnet used in the attack on OVH involved over 170,000 compromised devices, from all over the world.
What was different about these attacks was their scale, and their use of unprotected IoT devices, rather than compromised PCs. So how can we defend our networks and our users against attacks that take advantage of consumer hardware?
The first option is protecting your DNS services by implementing the approach we talked about in a previous blog. It’s a good idea not to rely on a single host for your DNS, and where possible to use advanced DNS hardware that can handle very high traffic, as well as identifying and blocking attacks.
While defending your own systems is important, is there anything else that can be done to stop the problem at its source?