Historical: DDoS and Botnets

Once the plaything of Lizard Squad and script kiddies, DDoS is now something the big kids can wield to cause a whole lot of havoc. I have a bad feeling the Dyn takedown in October was just a preview of what’s coming. I’ll do a blog post about the DYNDoS of Oct 2016 and detail new developments quickly here.

Lloyd’s Bank hit by DDoS attack (January 23, 2017): We’re just hearing about this now, but on January 11 the venerable Lloyd’s Bank of London was struck by a DDoS attack that lasted until Friday, January 13th. Attackers tried to crash the Lloyd’s site, causing issues for customers and impacting some access to online banking. The bank did not lose money or data, nor was the impact significant. Law enforcement is investigating. http://news.softpedia.com/news/lloyds-bank-hit-with-ddos-attack-for-three-days-straight-reasons-yet-unknown-512114.shtml

Brian Krebs on Who is Behind the Mirai Botnet (January 18, 2017): DDoS became a household word last October when the east coast went down with the attacks against DYN via the massive Mirai-powered botnet. Security researcher Brian Krebs experienced the wrath of its creator firsthand when his site was brought down hard, and went looking for who was responsible. This reads like a story of hackers vs hackers. More importantly, it’s a clear warning that the latest generation of hackers/attackers doesn’t follow the rules as we know them, and will strike out in retaliation, based on their perceptions. https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/

DDoS and the Risk Ahead to Healthcare Devices (December 30, 2016): As 2017 unfolds, projections are being made. There are serious, and well-founded, concerns about medical devices and the risk of their being mobilized into botnets via malware like Mirai. Unfortunately, last year’s massive attacks made DDoS and botnets almost household terms. But “it may be only a matter of time before an adversary adapts an IoT malware such as Mirai, to harness the computational resources of medical devices because many lack basic access controls such as multi-factor authentication (or any authentication whatsoever)”. http://healthitsecurity.com/news/icit-finds-healthcare-sector-at-great-risk-for-ddos-attacks

Massive DDoS attack against DYN (Oct 21 2016): Mark this one as a day of infamy. “DNS provider Dyn has confirmed two massive distributed denial of service attacks against its servers Friday impacting many of its customers including Twitter, Spotify and GitHub. The attacks came in two waves, one early Friday morning and a second just a few hours later.”   Hours later, service was still impacted. There were outages or extremely sluggish performance impacting: Twitter, Etsy, Github, SoundCloud, Spotify, Heroku, PagerDuty and Shopify. A massive Mirai botnet  https://threatpost.com/dyn-confirms-ddos-attack-affecting-twitter-github-many-others/121438/

https://threatpost.com/mirai-fueled-iot-botnet-behind-ddos-attacks-on-dns-providers/121475/


What We Need to be Watching for (Oct 5 2016): All that stuff that connects. It’s going to be our undoing in a big way. Security researcher Brian Krebs suffered a massive and sustained DDoS attack against his website, using Mirai code and a massive army of bots, in retaliation for a stance he took. We need to be expecting more of this to come. Freedom of speech isn’t a right respected by the script kiddies. https://threatpost.com/iot-botnets-are-the-new-normal-of-ddos-attacks/121093/