1Wondering what are Zombie DDOS attacks?Can your camera or your humble DVR actually attack you?
The recent Zombie DDOS attacks on Dyn that brought large parts of the internet down seem like the stuff you read in science fiction. The Mirai Botnet IoT DDOS attacks used your compromised DVRs and other IoT devices to launch an attack.
Fundamentally, why did the attack happen? Poorly designed IoT devices is the prime reason for the DVRs and other IoT devices being turned into Zombie DDOS attackers by botnets. Another reason why you shouldnt be buying the cheapest DVR in the market!
2Steps How A Zombie DDOS attack is launched
A chronology of events that lead to Zombie DDOS attacks thru botnets :
- Zombie DDOS attacks are launched by compromised PCs, servers or IOT devices.
- These Zombie Devices are compromised typically through poor security standards.
- If these zombie devices are connected to more devices, the connected devices become zombies too.
These bots then form an army of zombie devices, collectively called a botnet.
- The zombie devices wait, ready to do the bidding of the person who controls them.
The controller of the zombie device army decides to attack. Finally, the zombie devices launch a blistering Denial Of Service (DDOS) attack on the target website.
3Recent IOT Botnet DDOS attack
Recently, the Mirai botnet DDOS attacks brought down large parts of the internet. The brutal DDOS attack used an army of zombie IOT devices to launch the attack.
The zombie army of IOT devices launched an enormous attack on the DYN domain servers. As a result,there was internet outage in many parts of the world
4How do you protect your website from a zombie DDOS attack
If you are a small business, and you are threatened by a dangerous botnet Denial Of Service attack, all you can do is to pray! Jokes aside, you can follow these 17 Steps to protect your website from DDOS attacks
If you are a large company, implementing the DDOS protection steps will probably save your website from denial of service crashes. However, if you are a small business, a powerful Zombie Denial Of Service botnet attack can probably crash your website for at least a few hours. At the very least, you should implement these two DDOS protection techniques :
- One option is to at least sign up for cloud based DDOS protection thru providers such as Cloudfare, Akamai or Incapsula.
- Another option is to use a cloud based DNS provider, such as Google Cloud DNS, to get redundant DNS servers. This will protect your website from Zombie DDOS attacks on your DNS provider