INFO5301 Analysing Security Incidents
- Customers suffering from disruption included Twitter, SoundCloud, Spotify, Netflix, Reddit,
PagerDuty, Shopify, Disqus, Freshbooks, Vox Media, PayPal, Etsy, GitHub, Heroku, Time,
PlayStation, the Intercom app, AWS and more.
- The attack mainly impacted managed DNS customers in US East.
2.2 Explain how this security incident happened.
Answer: The DDoS attack was carried out using the Mirai botnet. Mirai is a tool that uses IoT
devices for DDoS attacks. The malware continuously scans the Internet for IoT systems
protected by factory default or hard-coded usernames and passwords, then compromises
them and uses them for DDoS attacks. This attack used a Mirai botnet that enslaved digital
video recorders (DVRs) and IP cameras made by the Chinese tech company Xiongmai
Technologies, which sells its components to other vendors. Dyn suffered three waves of attack:
the first affected the east coast of the US, the second had a more global impact, and the third
was successfully mitigated.
2.3 What are the other attacks that leveraged the same technique?
Answer:
- There have been many security incidents related to DDoS attacks, e.g., the OVH DDoS attack
(https://securityaffairs.com/51640/cyber-crime/tbps-ddos-attack.html)
- Note: There are different types of DDoS attacks, such as UDP Flood, ICMP Flood, and
Ping of Death. In all these cases, a significant amount of network traffic floods into the
host servers, interrupting their normal operation.
2.4 What could they have done to prevent the incident?
Answer:
To reduce DDoS attacks
- Scaling: Improve bandwidth and server capacity to mitigate the attack.
- Rate Limiting: Accept normal (legitimate) traffic and drop abnormal (illegitimate) traffic.
- Web Application Firewalls: Create customized mitigations against illegitimate requests (e.g.,
unexpected geographies).
To reduce attacks through IoT devices
- Harden IoT security
- Impose security regulations on IoT manufacturers (through government regulations)
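
The rate-limiting item above can be illustrated with a per-source token bucket; this is an added example, not part of the original tutorial answer. The rate and burst values, the function names and the sample traffic are assumptions constructed for the illustration, and the third traffic group goes beyond the text to show how a distributed flood behaves under the same limit.

```python
from dataclasses import dataclass

@dataclass
class TokenBucket:
    rate: int     # tokens refilled per second (assumed policy value)
    burst: int    # maximum tokens held, i.e. the largest burst allowed
    tokens: int   # current fill, in thousandths of a token
    last_ms: int  # time of the previous query, in milliseconds

    def allow(self, now_ms: int) -> bool:
        # rate tokens/s equals rate milli-tokens/ms, so integer maths is exact.
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.burst * 1000, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False

def filter_traffic(events, rate=5, burst=10):
    """events: (timestamp_ms, source_ip) pairs sorted by time.
    Returns {source_ip: [accepted, dropped]}."""
    buckets, stats = {}, {}
    for ts, src in events:
        if src not in buckets:
            buckets[src] = TokenBucket(rate, burst, burst * 1000, ts)
            stats[src] = [0, 0]
        stats[src][0 if buckets[src].allow(ts) else 1] += 1
    return stats

def constructed_events():
    # Constructed sample traffic over 10 s; addresses are RFC 5737 documentation ranges.
    normal = [(i * 500, "192.0.2.10") for i in range(20)]     # 2 queries/s
    flood = [(i * 10, "198.51.100.7") for i in range(1000)]   # 100 queries/s
    # 100 distributed sources, each sending at the "normal" 2 queries/s.
    spread = [(i * 500, f"203.0.113.{n}") for n in range(1, 101) for i in range(20)]
    return sorted(normal + flood + spread)

if __name__ == "__main__":
    stats = filter_traffic(constructed_events())
    print("normal client :", stats["192.0.2.10"])
    print("single flooder:", stats["198.51.100.7"])
    spread_ok = sum(a for s, (a, d) in stats.items() if s.startswith("203."))
    print("distributed   :", spread_ok, "accepted")
```

The single flooding source is cut to its burst plus the refill rate, while the 100 distributed sources all pass because each one stays under the per-source limit, which is why the answer pairs rate limiting with scaling and firewall rules.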
Duration: 20 min
Exercise 3:
Target Corporation is the eighth-largest retailer in the United States. In December 2013,
the Target Corporation’s network experienced a cyber-attack that resulted in a massive data
breach.