The recent distributed denial of service (DDoS) attack on internet service provider Dynamic Network Services Inc. (Dyn), which disabled the websites for major corporations such as Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, The New York Times and many others, not only serves as a wake-up call for organizations of all sizes, but a warning as well, according to the FBI. The agency has warned private companies that cyber-attacks through thousands of connected devices, known as the Internet of Things (IoT), will only increase in number. “The exploitation of the IoT to conduct small-to-large scale attacks on the private industry will very likely continue,” explained the FBI in an October 26 bulletin to private organizations.
Further, an FBI spokeswoman explained, “In furtherance of public-private partnerships, the FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations. This data is provided in order to help systems administrators guard against the actions of persistent cybercriminals.” The reason this threat will remain, the FBI explained, is because the source code used in the attack, known as Mirai, is publicly available. Anyone with technical skills can set up their own “botnet” of hacked IoT devices to overload websites with tens of thousands of IP addresses. Director of National Intelligence James Clapper said Russia is not believed to be the culprit, as the attacks do not appear to be government-based.