Introduction
The recent attack on Dyn shows clearly that cybercrime remains a major threat that can affect the effectiveness of many online systems. The increasing number of internet users and online-based transactions continues to threaten the sustainability of different servers. Hackers are monitoring these changes in order to attack their victims. The case of the Dyn attack presents powerful insights that should be taken seriously in order to minimize the chances of being attacked by cybercriminals (Perlroth, 2016).
Existing Vulnerabilities Prior to the Attack
The nature of this attack shows clearly that some vulnerabilities or gaps existed before the incident. To begin with, the firm had failed to monitor and screen various software threats. Some software programs are used by hackers to command different internet-connected devices (Perlroth, 2016). Failure to screen suspicious online activities and software programs must have led to the attack. Dyn must have also failed to implement appropriate security measures to prevent cybercriminals from carrying out Distributed Denial of Service (DDoS) attacks. The firm lacked an adequate program to monitor every unsecured Internet of Things (IoT) device. These devices are usually ignored by internet users despite the fact that they are used to execute cybercrimes.
The service provider had not informed or guided different clients to use patched and properly secured websites. This strategy could have played a positive role in averting the attack. This attack shows conclusively that Dyn’s system did not encourage subscribers to use strong passwords and patched servers. Issues such as spam zombies and DDoS bots had been ignored (Torrisi, 2016). Firms receiving services from Dyn were not guided to embrace various strategies capable of strengthening the security of the system. These vulnerabilities made it easier for the cyber-crooks responsible to attack the system.
Countermeasures
Several countermeasures should have been considered in order to mitigate the vulnerabilities. It is agreeable that the attack made it impossible for many firms and customers to achieve their potential (Perlroth, 2016). The attack could have been averted if Dyn had “supported the clients to set up a Secondary DNS environment” (Torrisi, 2016, para. 1). A “redundant DNS strategy can be helpful whenever there are DNS-directed DDoS attacks” (Torrisi, 2016, para. 3). This countermeasure could have prevented the attack from happening. The concept of zone management has been observed to strengthen the effectiveness of many systems. These infrastructures can be used to monitor and conquer attacks in a timely manner.
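The redundant DNS countermeasure can be checked mechanically. The following Python code is an added example, not taken from the cited sources: it reads NS records in zone-file form and flags every zone whose nameservers all belong to one provider. The sample records, the provider names, and the rule that the last two labels of a nameserver hostname identify the provider are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample input: every name below is a placeholder.
SAMPLE_NS_RECORDS = """
shop.example.   86400 IN NS ns1.provider-a.example.
shop.example.   86400 IN NS ns2.provider-a.example.
api.example.    86400 IN NS ns1.provider-a.example.
api.example.    86400 IN NS ns3.provider-b.example.
; comment lines and blank lines are ignored
blog.example.   IN NS ns1.provider-a.example.
"""

def provider_of(nameserver, labels=2):
    """Provider key = last `labels` labels of the NS hostname (heuristic, an assumption)."""
    parts = nameserver.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def parse_ns_records(text):
    """Return {zone: set of nameserver hostnames} from zone-file style NS lines."""
    zones = defaultdict(set)
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        upper = [f.upper() for f in fields]
        if "NS" not in upper[1:]:
            continue                             # not an NS record
        idx = upper.index("NS", 1)               # owner [ttl] [class] NS target
        if idx + 1 >= len(fields):
            continue                             # malformed: NS without a target
        zone = fields[0].rstrip(".").lower()
        zones[zone].add(fields[idx + 1].rstrip(".").lower())
    return dict(zones)

def audit_redundancy(text):
    """Map each zone to its providers and whether it depends on only one."""
    report = {}
    for zone, servers in parse_ns_records(text).items():
        providers = sorted({provider_of(ns) for ns in servers})
        report[zone] = {"providers": providers,
                        "single_provider": len(providers) < 2}
    return report

if __name__ == "__main__":
    for zone, result in sorted(audit_redundancy(SAMPLE_NS_RECORDS).items()):
        status = "SINGLE PROVIDER" if result["single_provider"] else "redundant"
        print(f"{zone:15} {status:16} {', '.join(result['providers'])}")
```

Two nameservers at the same provider, as in the first zone of the sample, do not count as redundant here, because a DDoS attack directed at that provider affects both.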
Dyn should have empowered and guided its clients to use preventative measures such as antivirus and monitoring systems. These security measures would have denied crooks access to the systems. Monitoring practices can ensure every system operates optimally (Perlroth, 2016). Strong passwords and patched websites could have averted the attack. The service provider should have guided different subscribers to monitor different devices such as printers and cameras. This countermeasure could have played a positive role in making the systems less vulnerable.
Issues Associated with the Attack
“Dyn has servers that reroute and monitor internet traffic” (Perlroth, 2016, para. 3). The targeted attack resulted in denial of service, thus making many websites inaccessible. The hackers are believed to have targeted thousands of Internet of Things (IoT) devices in order to execute the attack. Some of the devices connected to the internet included printers, home routers, cameras, and baby monitors. After the attack, experts have indicated conclusively that the increasing number of IoT devices will present a major security issue. This is the case because hackers are presently targeting these devices to execute their internet-based attacks.
Some firms used a number of countermeasures to prevent similar attacks in the future. For instance, Dyn embraced the power of multiple DNS environments. The use of redundant DNS was supported because of its effectiveness in minimizing DDoS attacks (Torrisi, 2016). Additionally, many companies decided to push their systems to cloud computing providers. The move was undertaken in order to make the systems less accessible and hard to attack (Torrisi, 2016). The attack affected business-wide system security, thus making it impossible for many companies to execute their functions.
The government focused on new measures to protect different systems. The Department of Homeland Security was also investigating the attack in order to come up with better regulatory measures. Although these countermeasures remain critical towards dealing with similar threats in the future, the most agreeable fact is that the increasing number of IoT devices presents numerous challenges that must be addressed from a cyber-security perspective (Sarate, 2016). This is the case because more hackers are coming up with new strategies, thus increasing the risk of cyberattacks.
Recommended Mitigation Procedures
The best approach towards dealing with cybercrime is embracing the most appropriate mitigation procedures. This means that companies and individuals using the internet should be on the frontline to implement the most effective and sustainable mitigation procedures (Sarate, 2016). The cyberattack on Dyn is a clear indication that cybercrime is a reality and can affect the effectiveness and performance of many organizations. That being the case, appropriate mitigation procedures can be critical towards preventing similar attacks.
The first procedure is the use of complex authentication procedures. Such procedures can be characterized by codes, passwords, and fingerprints to ensure unauthorized persons do not have access to the targeted systems. Companies should ensure their systems and websites are supported by improved access controls (Torrisi, 2016). This practice will ensure only authorized persons have access to targeted websites or devices.
Malicious code can be combated using patched software. Once such code is combated, it will be possible to improve the level of security. Effective firewall configurations can improve the security of different programs, operating systems, and computer applications. Companies and individuals should ensure compromised hardware is identified within the shortest time possible. A compromised hardware system can increase the level of vulnerability (Skyrius, Kazakeviciene, & Bujauskas, 2012). This fact explains why such hardware should be replaced immediately.
Users should “turn off remote access to the internet of things (IoT) devices like cameras and printers” (Ducklin, 2016, para. 7). This strategy will make it hard for hackers to use devices to pursue their malicious goals. Firmware updates should be installed immediately in order to maximize protection (Ducklin, 2016). Individuals whose computers and devices are connected to the internet should engage in constant scanning in order to monitor security holes.
When such holes are identified, it will be easier to fix them before the hackers use them to pursue their missions. Some devices are characterized by risky settings. Users should ensure such settings are turned off before using the gadgets. Organizations and computer users should go further to use updated antivirus software (Sarate, 2016). Combining these strategies can play a positive role in averting different cyber attacks. The approach will support the needs of many internet users.
References
Ducklin, P. (2016). Dyn DDoS – what can we do right now to help prevent the next attack? Naked Security. Web.
Perlroth, N. (2016). Hackers used new weapons to disrupt major websites across U.S. The New York Times. Web.
Sarate, F. (2016). Hackers used new weapons to disrupt major websites across U.S. Proteja Sua Familia. Web.
Skyrius, R., Kazakeviciene, G., & Bujauskas, V. (2012). From management information systems to business intelligence: the development of management information need. International Journal of Artificial Intelligence and Interactive Multimedia, 2(3), 31-37.
Torrisi, M. (2016). Advanced secondary DNS for the technically inclined. Dyn Blog. Web.