DDoS attacks: Internet Startups should be worried

From our Tech Desk

Friday the 21st, was as a nightmare as Friday the 13th.  If you are an Internet startup, you should be worried.  Most of the Internet startups, which consumers are relying on for their financial, lifestyle and business needs, build ‘functions’ and ‘scale’ before securing them.

The DDoS attacks on the 21st indicates how vulnerable the Internet is.  With more push for ‘Internet of Things’ in our daily lives, the ‘Things’ acting being complicit to ‘business disruptions and losses’ is a real, real worry.  The day saw atleast three waves of attacks, with shifting sources, and the usage of IOT devices on a large scale on websites that lot of consumers and businesses use.  Twitter, Spotify, Amazon.com, Reddit, were some of the key major sources of attacks.

Friday DDoS attack: Image Courtesy: True Vault
Friday DDoS attack: Image Courtesy: True Vault

As per our statement from Kyle York, Chief Strategy Officer of Dyn, the Managed DNS services provider, ‘At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.’  ( Source: Dyn Website)

Now, this could have happened to any business that is dependent upon Internet.  Dyn thanked its staff, and the Internet community at large in terms of their efforts to identifying and stemming the tide.  However, they have encountered three attacks so far, with the source of attacks shifting every time. Starting with the East Coast of the US, it shifted to West and then Europe in each attack.

Most services or premium websites were unavailable through the day.  The attack was to choke the pipe that leads to these websites, through flooding of traffic, thereby cutting of genuine traffic. n a Denial of Service (DoS) attack, the perpetrator overwhelms a target company by flooding their service with so much phony traffic that their service is unable to serve authentic requests. Practically speaking, this renders the service unreachable for normal users.

The key message here is that startups in both US, India and elsewhere have built mission critical, consumer driven business applications that are vulnerable to such attacks.  The attack is an eye opener for the CIOs and CISO’s to urgently relook at their approach to building scalable technology without securing them.

The economics of IOT devices may be one of the reasons that they stay vulnerable.  Bruce Schneier, CTO of Resilient, an IBM company argues that IOT systems are deployed for more than a decade, and generally the thankless pawn in the chessboard.  The efforts to protect other devices like computers or servers don’t go into sensors. And the economics don’t justify complications.  So neither the seller nor the buyer cares about security.  And that is what has been exploited by the attackers.

This is the first sign of possibly challenging times ahead for startups and new age businesses.  Internet startups should be worried.

-Ashok Subramanian




Be the first to comment

Leave a Reply

Your email address will not be published.