Rise of the Machines: The Dyn Attack Was Just a Practice Run

As the adversarial threat landscape continues to hyper-evolve, America's treasure troves of public and private data, IP, and critical infrastructure continues to be pilfered, annihilated, and disrupted. The Mirai IoT botnet has inspired a renaissance in adversarial interest in DDoS botnet innovation based on the lack of fundamental security-by-design in the Internet and in IoT devices, and based on the lack of basic cybersecurity and cyber-hygiene best practices by Internet users. In this publication, entitled "Rise of the Machines: The Dyn Attack Was Just a Practice Run," the Institute for Critical Infrastructure Technology provides a comprehensive and detailed analysis of this threat which has forced stakeholders to recognize the lack of security by design and the prevalence of vulnerabilities inherent in the foundational design of IoT devices. Specifically, this report contains: A concise overview of the basic structure of the Internet, including key players and protocols (ISO OSI, TCP/IP) The anatomy of a Distributed Denial of Service Attack (DDoS) including details on Constructing Botnets, Conventional vs. IoT Botnets, Launching a DDoS Attack, and DDoS-as-a-Service An overview of the Mirai Incidents including KrebsonSecurity, OVH ISP, Dyn, Liberia, Finland, the Tump / Clinton Campaigns, WikiLeaks and Russian Banks The evolution of IoT malware including profiles on Linux.Darlloz, Aidra, QBot/Qakbot, BASHLITE / Lizkebab/Torlus/gafgyt, and Mirai A discussion on the sectors at greatest risk including the Financial, Healthcare and Energy Sectors Recommendations and Remediation to combat this threat