Cyber Attacks Can Be Scary!

Cyber Attacks -LeBlanc CommunicationsThe widespread cyber attack on October 21st impacted websites many of us access on a daily basis - Twitter, Netflix, Spotify, PayPal, Reddit, The New York Times - and, believe it or not, LeBlanc Communications!
 
We noticed that our website was temporarily down as part of at least three distributed denial of service (DDoS) attacks, which are specifically devised to flood a website with so much traffic that normal service is compromised. These far-reaching attacks, originally thought to be experienced only on the East Coast, impaired access across the United States and internationally.
 
Dyn.com, a cloud-based Internet management company, was the primary target of this attack. Dyn, and its very popular DynDNS.org are commonly used to help dynamic-ip-address users (especially home Internet subscribers) to reach their devices even though they don't have a static IP Address like businesses would have. Click here to read Dyn's Statement about the attack.

baby monitorThe attacks were designed to use common Internet-connected devices, such as baby monitors, webcams and home-based routers. As security experts have been predicting, our ever-growing "Internet of Things" (IOT) increases our efficiency and connectedness, but also exponentially adds to our risks.

One of our IT security partners is The Technology Group in Hartford. We checked with them for feedback on what happened. According to Jay Adams, Manager of IT Security and Assurance Services, "The Internet of Things (IoT) is to blame. It was not just one attack but a series of attacks throughout the day. The Mirai botnet, which was blamed for the attack, looks for certain Internet of Things (IoT) and smart home devices, such as those that are using default usernames and passwords, and turns them into 'Web robots' or 'bots' to use in cyber attacks."

Here are some tips he gave us for what to do to keep your devices from becoming part of these wide-scale attacks:

  1. Change Default Passwords of these sorts of devices. If you have a nanny-cam or smart network thermostat, take the time to login and CHANGE the password to something unique.
     
  2. Disable Universal Plug-and-Play (UPnP): UPnP comes enabled by default in every IoT device, which creates a hole in your router's security, allowing malware to infiltrate any part of your local network.
     
  3. Disable Remote (web) Management: Go into your router's settings and disable remote management protocol, so there is no way someone can remotely program your device.
     
  4. Last, but not least, always keep your connected devices and routers up-to-date with the latest vendor firmware.
The Technology GroupHere's a convenient website (http://www.whatsmyip.org/port-scanner) that will check which ports the world sees open on your IP Address.  Try this from home or your office to see the more common ports that might be reachable using your IP Address.
 
If you're interested in learning about how to protect your network or other systems, call LeBlanc Communications today at (203) 938-3000 to see how we can help!