Yesterday, the tech world was rocked by an unexpected cyber attack on the internet watchdog group called Spamhaus.
The Swiss-based security and protection service was started in the 90’s as a means to battle inbox spam and pop-ups. The attack is regarded as the largest of its kind in history, affecting millions of internet users worldwide. The hackers responsible for the cyber attack are completely unknown—though it’s possible the group had grievances against Spamhaus for blacklisting their email bases.
The nature of DNS servers is to have a default setting that allows outside IP addresses to be configured and given a response. This arrangement makes computer systems highly susceptible to cyber attacks by making access to external DNS servers widely acceptable. The magnitude of the attack on Spamhaus means that hackers sought to overload the watchdog group’s DNS servers at a astounding rate.
This particular kind of cyber attack—Disributed Denial of Service (DDoS)—takes advantage of poorly configured domain name systems (DNS). The London and Geneva-based Spamhaus was exposed to unusually high levels of service denial. Computer World’s Jaikumar Vijayan says “Large DDoS attacks have typically tended to involve between 4 gigabits per second to 10 Gbps of traffic… The Spamhaus attacks involved traffic volumes that reached a staggering 300 Gbps.” Business owners can be threatened by any hacker, anywhere, anytime, and with minimal resources. The New York Times states,
“The Open DNS Resolver Project , an effort by a group of security experts to draw attention to the issue, estimates that there are currently about 27 million DNS servers that are open resolvers. About 25 million of those pose a significant threat, according to the project’s website.
According to Prince, barely 100,000 of the open resolvers were used to direct 300 Gbps of traffic against the organization. “What’s spooky here is that only a tiny fraction of the open resolvers were used,” he said. The attackers could easily have co-opted more DNS servers, Prince noted.”
This alarming cyber attack on Spamhaus has become a wake-up call to information security standards across the globe. Having a managed IT service package is your best defense against cyber attacks. Call trueITpros today to discuss a proactive monitoring solution for enhanced security and preparedness.