La interrupción de Internet del viernes 21 oct podría ser una muestra de lo que está por venir cuando naciones y actores no estatales dejan de utilizar la web y comienzan a atacarla.
Like poor John Hurt’s character in Alien, the internet is infected with a monster that turned on its host. Instead of using the network to send propaganda videos, or dump emails, or destroy centrifuges, Friday’s attack harnessed thousands of connected devices to take down parts of the internet itself.
The basic pattern of a DDoS attack is nothing new: an attacker uses malware to recruit internet-connected computers into a globe-girdling robot army, which upon command overwhelm their target with unwanted requests. What’s changing is the tremendous growth in the Internet of Things, or IOT, the devices — from PCs to home routers to smart refrigerators — that we attach to the net. Far too many of these are installed with widely known factory-default passwords or other vulnerabilities, making them easy recruits for bot armies.
“The volume of DDoS attacks has more than doubled over the last 18 months. It’s now approaching 650 gigabytes a second. That’s only possible because they’ve been recruiting IOT devices,” said one government official with direct knowledge of the attack. “We need to have a deliberative conversation about baking in security as much as possible into Internet of Things devices.”
On Friday, at a signal from an as-yet-unknown party, thousands of internet-connected devices began sending waves of data at Dyn, one of the domain name server, or DNS, companies that link the internet’s backbone to the human-readable web. Hundreds of websites, including Twitter, the New York Times, Reddit and Amazon, went down for hours.
Fuente: http://www.defenseone.com
