Distributed Denial Of Service Attacks And Why It Matters So Much To Mariners.

Posted on 28th October 2016

On the 21st October 2016 attackers utilised the so-called Internet of Things (IoT) to create the largest single Distributed Denial of Service (DDoS) attack to date. The attackers were able to take millions of passive connected devices and turn them into remote tools or ‘bots’. It was these ‘bots’ that then became the weapons in this attack.
 
What Is The Internet Of Things? (IoT)
We are all becoming increasingly dependent on Internet-connected devices, often without realising it. WiFi routers, smart TVs, RFID-enabled devices, durable goods, cars, industrial components, sensors, and myriad other everyday objects depend on Internet connectivity and powerful data analytics to transform the way we work, live, and play. Many of these devices ask for permission to communicate data to their manufacturer; others do this by default, or receive automatic updates. These devices are essentially passive; or so you may think.

How Did They Do That?
Hackers loaded malicious code onto these passive devices and then used them to direct their attack. The base code used in this attack is currently being traded in a number of locations on the dark web. In addition, user names and passwords on millions of IoT devices are easy to obtain: the default password is often publicly known, many are never changed, and some may even be hard-coded by manufacturers so they cannot be changed. A survey by ‘We Live Security’ in 2014 identified 73,000 surveillance cameras in the US using default passwords[i]. Using these usernames and passwords to gain access, the attackers loaded malware onto accessible devices.
 
The objective of the attack was to overload the servers that act as ‘post offices’ to route your enquiry to the correct website; this is known as the Domain Name System (DNS). The malware, once loaded, contained instructions to send out enquiries to one of the largest DNS services, operated by a company called Dyn. The attackers instructed all the devices that had been hijacked to send data to the Dyn servers at a specified time and date, flooding them with data. The effect of this was that nobody else could get through to the servers that were being bombarded. This meant that when people tried to connect to websites via Dyn, nothing happened. There was no problem with the websites themselves, but they could not be accessed. Companies affected by this included Twitter, PayPal, Verizon, Comcast, and the PlayStation network among many thousands of others. The cost of this DDoS attack is yet to be calculated.
                 
Why Does This Matter To The Maritime Sector?
As maritime operations become increasingly dependent on seemingly benign technologies being integrated across port and terminal facilities as well as shipboard systems, it is important to fully understand the risks to and from this technological ‘ecosystem’. If a security camera can be instructed to send data remotely, it can also be instructed to turn off and on. Indeed, any system that sends or receives updates or instructions automatically is vulnerable to attack, including so-called ‘man in the middle’ attacks, where a threat actor intercepts the transmission and provides alternative instructions to the targeted devices. Large private yachts, shipping companies, port and ship operators are at risk.
 
What Can the Maritime Sector Do?
Maritime companies, ship owners, operators and port operators should review their technology ecosystem and consider penetration testing to identify critical system vulnerabilities. Policies should be reviewed and revised to take into account the new threat environment we now live in. Finally, for sophisticated systems on large private yachts, ships and in port operations centres, owners and companies should consider continuous monitoring and alerting systems to prevent their systems being hijacked, hacked or infected with spyware or malware.
 
Andrew Williams Consulting can provide support through penetration testing, policy review, revision and designing and implementing secure technology systems.   

Please contact us to find out more about how Andrew Williams Consulting can help you. http://www.awilliamsconsulting.com/contact
 