Security experts have warned that cyber criminals could knock out the entire internet for 24 hours at some point during 2017.
US online security firm LogRhythm predicts that hackers will launch a massive distributed-denial-of-service (DDoS) attack that will make October’s strike against internet backbone provider Dyn look trivial.
In an interview with Business Insider, LogRhytm VP and Chief Information Security Officer James Carder said: “In 2017, we’re going to see it hit big sometime, somewhere.
“We saw the massive [DDoS attack] against DynDNS just a couple of months ago. That DDoS attack took down sites like Twitter and Spotify for a few hours. We saw a similar DDoS hit Brian Krebs before the attack against Dyn. These were really just tests.”
If hackers did effectively disable the internet for a day or longer, the consequences could be catastrophic, potentially resulting in loss of life if connected medical devices and the like were taken offline.
Researchers expect DDoS attacks to increase over the course of next year, with the Internet of Things (IoT) playing an increasing role in their deployment. Mirai, the botnet that was responsible for the Dyn takedown, is made up of thousands of IoT devices that hackers can use to flood websites with data request, overwhelming their servers and taking them offline.
Earlier this week, it was reported that hackers appear to be creating a new botnet in the image of Mirai by infecting Linux-based IoT devices. While devices compromised by the Rakos virus have not yet been used with malicious intent, experts fear the network could be harnessed to mount DDoS attacks once it includes a critical mass of IoT products.
Revealing their discovery of Rakos on the welivesecurity blog, ESET researchers wrote: “It seems worthwhile for attackers to write new pieces of malicious software to misuse loopholes in the current state of network security. Our advice is this: Don’t build walls around your devices from sticks and straws, but from bricks and stones. The internet is a windy place.”
DDoS strikes can now even be delivered as a service, with cyber hackers offering attack capabilities on dark web marketplaces. At the beginning of December, Europol launched a campaign to target young hackers who use DDoS attack tools. The operation resulted in the arrest of 34 people from countries around the world, the majority of whom were aged below 20.
Commenting on the arrests at the time, Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3), said: “Today’s generation is closer to technology than ever before, with the potential of exacerbating the threat of cybercrime. Many IT enthusiasts get involved in seemingly low-level fringe cyber crime activities from a young age, unaware of the consequences that such crimes carry.”