What Is Going On?
Recently a major website directory provider, Dyn, was taken offline twice in one day. For many people, email, popular websites, and online convenience were disrupted. While annoying, this attack certainly was not the end of the world or, so it appears, greatly damaging to our way of life. So what is going on here?
Seriously, each second billions of dollars of bank transactions flow through the Internet, and processing these transactions is the lifeline for many banks and, as a dependent chain, our entire economy. The term “transaction” is pretty vague here but, suffice to say, it is meant to cover the entire realm of online financial processing. That includes bank-to-bank and bank-to-merchant/consumer (think credit cards, ATM withdrawals, deposits, etc.). Now realize that this last attack completely shut down online processing for up to 6 hours.
And we really do not know the full range of IoT devices used, as the hackers simply turned the attack off before all of the devices were even close to being discovered.
Meaning those 150,000 to 200,000 devices are most likely still ready to be used – along with potentially billions of other wide-open IoT options.
To make things worse, the hackers are getting better at these attacks. There are an estimated 17 BILLION devices at their disposal right now – and billions more being added – so the current attacks are more learning exercises than anything else. Last month this same attack was directed at European companies. In that attack, the devices were mostly left on, discovered and shut off. The intent was to learn how long it took authorities to trace the attacks to the devices.
This past attack was a leap in capabilities. Almost all of the devices were turned off before the devices could be discovered. Think of this in the light of those films where the fugitive hangs the phone up just before a trace can be completed. Now some devices got caught talking about their lives but, for the most part, these devices got away and can be reused.
There will most likely be a few more of these minor forays as hackers figure out timing, attack effectiveness and how to prolong the duration of attacks across an extremely wide front. To this latter end, by simply switching to different groups of devices, the trace can never be properly completed. Once they have figured everything out, the true attacks will begin.
The Real Goal
The goal here is simple – ransoms. Up until now, hackers have spent considerable time and energy attempting to hold individuals hostage for trivial amounts of money. This is hard to do, requires stealing tons of data and has varying levels of success. Moreover, anti-malware efforts are making this attack angle increasingly difficult.
Why attack one person when they can take down an entire building, city, country?
This is not some sci-fi film – it is reality. With a few hundred thousand devices, the entire east coast of the U.S. was taken offline – now imagine millions and billions of devices being rotated constantly. There is literally no defense and no real way to stop such an attack. Hackers now have the ability to paralyze any target they want, completely stop the online financial world and wreak havoc. Banks can only lose so many billions an hour in transaction fees before they are no longer able to survive.
So what happens in this context?
Hackers will most likely take down a target city/region for some extended period of time and then stop their attack. Then they will demand monthly ransom payments or they will turn the attack on again, this time for much longer. We, as a society, are sitting ducks and can do very little to protect ourselves.
To be clear, these attacks are going to happen.
Now Bear has the ability to both stop these attacks and prevent new IoT devices from being used BUT the adoption curve will never be steep enough. We simply cannot grow fast enough and that assumes every company realizes their peril and actually signs up. The enterprise reality when it comes to security is a far different beast…which I will blog about next week!