Angry at a journalist for writing mean things about you? Trying to make ends meet and need a blackmail scheme? Get your own DDoS botnet on the internet today!
That’s the multibillion-dollar question this week after hackers took down the internet on October 21 with a distributed denial-of-service (DDoS) attack on one of the largest Domain Name System (DNS) service providers in the world.
Who’s responsible is indeed a compelling mystery.
A more important and immediate consideration is how to protect your network against hackers.
Another is which companies stand to profit from the effort to ramp up security in the aftermath of such a high-profile event.
Below, we discuss two small-cap stocks and three startups that figure to benefit from rising awareness of DDoS attacks and the importance of cyber security.
Here’s what we know so far about what happened last Friday.
According to a statement released by the company, at about 7:00 a.m. (ET), New Hampshire-based DynDNS “began experiencing a DDoS attack” concentrated on its East Coast servers.
Dyn’s network team resolved the threat and restored service within a couple of hours.
Dyn experienced a second round of attacks — “more global in nature” — at around noon, but managed to turn it back within an hour.
A third attempt at taking down one of the leading internet performance management companies in the United States was thwarted with no impact on customer or user experience.
According to cyber-intelligence firm Flashpoint, unknown hackers used the botnet malware Mirai to carry out the attack.
Notes Flashpoint: “Mirai malware targets Internet of Things (IoT) devices like routers, digital video recorders (DVRs), and webcams/security cameras, enslaving vast numbers of these devices into a botnet, which is then used to conduct DDoS attacks.”
Flashpoint was able to conclude that “at least some of the devices used in the Dyn DNS attacks” are DVRs.
Dyn “observed tens of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
Brian Krebs, of the highly esteemed and widely followed Krebs on Security blog, reported late on October 21: “Allison Nixon, director of research at Flashpoint, said the botnet used in today’s ongoing attack is built on the backs of hacked IoT devices — mainly compromised digital video recorders (DVRs) and IP cameras — made by a Chinese high-tech company called Hangzhou Xiongmai Technologies.”
Krebs, a former tech reporter for The Washington Post and the author of New York Times bestseller Spam Nation: The Inside Story of Organized Cybercrime — From Global Epidemic to Your Front Door, suffered a similar attack in mid-September.
The October 21 attack on Dyn came “just hours after DYN [sic] researcher Doug Madory presented a talk on DDoS attacks in Dallas, Texas at a meeting of the North American Network Operators Group (NANOG).”
The September 20 attack on KrebsOnSecurity.com occurred “just hours after” Krebs published a story, “Spreading the DDoS Disease and Selling the Cure,” a collaboration with Dyn’s Madory.
HackForums user “Anna_Senpai” has been identified as the perpetrator of the September 20 attack. On September 30, Anna_Senpai released Mirai’s source code online.
“Since this release,” reports Flashpoint, “copycat hackers have used the malware to create botnets of their own in order to launch DDoS attacks.”
Hangzhou Xiongmai has issued a recall for its IoT devices implicated in the DDoS attack.
As for the answer to the question with which we lead today’s issue, it’s complicated.
These hackers may have been motivated by a desire to silence certain folks about their activities.
Security for IoT devices is ridiculously poor, providing easy “ins” for attackers, be they “censors” to silence critics or blackmailers looking to cash in on captive businesses or individuals.
The thing about a DDoS is that it’s not a particularly sophisticated attack. It’s just a lot of phony traffic that makes it harder for legitimate users of a website to access it.
And now Mirai is readily accessible.
Here’s another scary fact:
According to researchers with cyber-security software provider Imperva Inc. (IMPV), you can buy a DDoS attack on the internet for as little as $5 an hour via the online professional services marketplace Fiverr.
These things used to be available only on the “dark web.”
Things have changed.
It might make sense to keep some things “off the internet” as a matter of security. Don’t count on that, though. Indeed, the search for absolute security, as Dwight Eisenhower once noted, is a path to bankruptcy.
We can take steps to protect ourselves, however. And we can identify companies doing that sort of work — not only to engage their services, but to profit from their success as well.
Imperva has a $1.2 billion market cap and nearly 5,000 customers. Its cloud-based Incapsula platform is credited with stopping some of the biggest DDoS attacks ever recorded. The company is a potential takeover target, with bigger fish such as Cisco Systems Inc. (CSCO) and International Business Machines Corp. (IBM) reportedly circling it.
NetScout (NTCT) acquired Arbor Networks, which previously partnered with Cisco, for $2.6 billion in 2015 to beef up its network performance monitoring and security capabilities. Arbor says it serves 90% of the world’s Tier 1 internet service providers and claims “visibility into one-third of global internet traffic.”
Several startups are also poised to capture new business based on the never-ending search for cyber security.
Nexusguard, founded in San Francisco in 2008, touts itself as offering “the world’s first cloud DDoS monitoring service.” It produces copious reports and data about DDoS attacks. Note: DDoS companies top the hit list for hackers.
Cloudflare, founded in 2009, has so far received $182 million in funding. It claims more than 2 million users of its website protection/performance software.
Finally, Florida-based Zenedge was founded in 2014. With $13.7 million in funding, its cloud-based DDoS prevention solution, which employs artificial intelligence, is attracting significant venture interest.
Its “patent-pending proprietary machine-learning algorithms inspect web traffic in real time to identify threats dynamically and update security settings accordingly.”
“One person’s ‘paranoia’ is another person’s ‘engineering redundancy.’”
Editorial Director, Wall Street Daily