As you probably know DynDNS was a victim of a Distributed Denial of Service (DDos) attack on 10/21/16. DynDNS provides Dynamic DNS services primarily for devices that do not have static IP addresses. This attack took out NetFlix, Spotify, Reddit and others. It primarily caused problems with servers on the East Coast. Their service allows users to access a computer and/or services with a consistent fully qualified domain name (FQDN), regardless of the IP address that is assigned to the device. According to DynDNS' site, this attack involved over 10 million separate devices. The Mirai Botnet was used to search for Internet of Things (IoT) devices (cameras, DVRs, etc.) that have weak passwords. Once a device is compromised by the Mirai Botnet, the device turns into a zombie, reports to a command and control server and waits for instructions. The compromised devices had the following password issues:
- Some devices have passwords that are hard coded in the hardware, so the password cannot be changed.
- Some devices never had their default passwords changed.
- Some devices had their passwords changed, but used ineffective passwords like password, p@$$w0rd, 1234, 12345, asdf etc.
This attack is a symptom of a much larger issue. It is CRITICAL to change default passwords with a strong password whenever possible. Do not purchase hardware devices that do not support password changes. Ideally passwords should be unique for each device. We suggest NOT placing any IoT devices on your corporate network. If you must place them on your network, isolate them on a vLAN using a separate subnet. Use a Stateful Inspection Firewall to segregate IoT devices from all other devices on your network. Although this attack is relatively low tech, it is extremely effective and is most likely just a preview of larger future attacks. Please DO NOT leave any default passwords in place on any device, or you will contribute to this growing problem.