In the past week, we saw a series of DNS-based attacks on high profile domains that caused visitors trying to reach the affected domains to be redirected to IPs under the control of the Syrian Electronic Army. During the incident, I spent some time helping the New York Times get their sites back to normal, and working with our friends at CloudFlare, Twitter, Google, DemandMedia, and others to get a handle on the extent of the SEA’s hacks.
There’s plenty of coverage of how the attack happened and what you can do to help prevent this if you’re a webmaster of a high-profile website (Hint: get a registry lock in place, not just a registrar lock), so I won’t offer yet another opinion on that front. Instead, I want to focus on what this hack means for IT professionals—the people charged with protecting employees, sensitive or confidential corporate data, and enterprises at large.
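The parenthetical hint above is the one prevention step worth checking for your own domains. A registrar lock shows up in whois as `client*Prohibited` EPP status codes, which the registrar sets and which anyone who can act through the registrar's systems can clear; a registry lock shows up as `server*Prohibited` codes, which are set at the registry and need an out-of-band unlock. The following Python is an added example, not code from the original post: it parses the `Domain Status:` lines of a whois response and reports which kind of lock is present. The whois texts in it are constructed samples, not real responses for any domain.

```python
"""Tell a registrar lock from a registry lock by reading EPP status codes.

Added example, not from the original post. The whois responses below are
constructed samples for EXAMPLE.COM, not real data for any domain.
"""
import re

# Registrar lock: set by the registrar. Anyone who can act through the
# registrar's own systems (e.g. with a stolen account) can clear these.
REGISTRAR_LOCK = {"clientDeleteProhibited",
                  "clientTransferProhibited",
                  "clientUpdateProhibited"}
# Registry lock: set by the registry operator. Changing nameservers requires
# an out-of-band unlock with the registry, not just a registrar login.
REGISTRY_LOCK = {"serverDeleteProhibited",
                 "serverTransferProhibited",
                 "serverUpdateProhibited"}

# Matches lines such as:
#   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
STATUS_RE = re.compile(r"^\s*Domain Status:\s*([A-Za-z]+)", re.MULTILINE)


def epp_statuses(whois_text):
    """Extract the set of EPP status codes from a whois response."""
    return set(STATUS_RE.findall(whois_text))


def lock_level(whois_text):
    """Classify the strongest lock present.

    Returns 'registry' when all three server* codes are set, 'partial-registry'
    when only some of them are (so a lone serverTransferProhibited is not
    mistaken for a full registry lock), 'registrar' for client* codes only,
    and 'none' otherwise.
    """
    statuses = epp_statuses(whois_text)
    if REGISTRY_LOCK <= statuses:
        return "registry"
    if REGISTRY_LOCK & statuses:
        return "partial-registry"
    if REGISTRAR_LOCK & statuses:
        return "registrar"
    return "none"


# Constructed sample responses (not real whois output).
UNLOCKED = """Domain Name: EXAMPLE.COM
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.EXAMPLE.NET
"""

REGISTRAR_ONLY = """Domain Name: EXAMPLE.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Name Server: NS1.EXAMPLE.NET
"""

REGISTRY_LOCKED = """Domain Name: EXAMPLE.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.EXAMPLE.NET
"""

if __name__ == "__main__":
    for label, text in (("unlocked", UNLOCKED),
                        ("registrar lock", REGISTRAR_ONLY),
                        ("registry lock", REGISTRY_LOCKED)):
        print("%-15s -> %s" % (label, lock_level(text)))
```

Run it against the output of `whois yourdomain.example` for each high-profile domain you own; anything that reports `registrar` or `none` is in the position the hijacked domains were in, regardless of how strong the registrar account password is.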
When extremely popular and trusted domains like the New York Times are compromised, the real danger lies in the huge number of users affected in such a short time. The attacks of the past week seem to have amounted to high-tech vandalism, but if the SEA had perpetrated a more malicious attack, millions of computers would have fallen prey in a few hours.
Here are three grim outlooks on what could happen when a high-profile website with a vast base of visitors is compromised:
The world’s largest botnet, instantly
Massive watering hole attack
In this week’s attack, the hackers didn’t compromise the New York Times’ servers; they only redirected traffic headed there. But if an attacker gained access to those servers and inserted malicious content into a page, the potential for damage would be huge. In a “watering hole” attack, hackers hide malicious code within a legitimate web site but configure it to activate only for a certain range of IP addresses. If an attacker knew the range of IP addresses used by a particular company and had a decent guess at a web page popular among that company’s employees, hundreds or thousands of employee devices could be infected before anyone outside that IP range noticed anything was wrong.
Compromised credentials for everyone
Hacks aimed at very popular web sites can be very effective at stealing credentials because those sites have large audiences and we all place a lot of faith in big brand names. The hackers behind this week’s attack could have redirected visitors to a spoofed page asking for nytimes.com credentials to proceed. At such a large scale, even a barely passable fake could yield millions of usernames and passwords, and we all know that most employees remain frustratingly careless about using unique passwords across accounts.
Fighting back: Deploying security that operates at Internet scale
The bad news is, your nightly anti-virus definitions aren’t going to help you here. Neither is your old-school web security appliance. When employees are in and out of the office, using Wi-Fi, cellular, and other networks, you need blanket protection that provides a secure conduit to the Internet so your employees can connect with confidence.
Here’s the good news: there’s something you can do about it. Even though the threat landscape has changed dramatically, these complex scenarios are exactly what we’ve been building our company to address. Umbrella for Enterprise protects all of your users, across all of their devices, no matter where they’re working. More importantly, our real-time predictive threat protection detects when a site like the New York Times is redirected to a new, untrusted, or historically malicious source, and blocks access to it pre-emptively. Our cloud-delivered security benefits from powerful Big Data analysis of the 50 billion DNS requests that we handle each day, and it responds to threats in real-time to protect you from today’s advanced attacks—not just yesterday’s.
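The check described above comes down to comparing what a domain resolves to right now against what it has historically resolved to. The following Python is an added example written for this page, not OpenDNS code: it takes freshly observed NS and A records for a zone, a baseline of the nameservers and address prefixes the zone has used historically, and a list of addresses already seen serving malicious content, and decides whether to allow, review, or block. All names, addresses and prefixes in it are constructed sample data (RFC 5737 documentation ranges), not real records for any site.

```python
"""Flag a domain whose DNS answers drift away from their historical baseline.

Added example, not OpenDNS code. Every name, address and prefix here is
constructed sample data, not a real record for any site.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    """What the zone has historically looked like."""
    nameservers: frozenset   # authoritative NS names seen over time
    prefixes: tuple          # ip_network objects its A records fell into


def make_baseline(nameservers, cidrs):
    return Baseline(frozenset(nameservers),
                    tuple(ipaddress.ip_network(c) for c in cidrs))


def assess(observed_ns, observed_a, baseline, known_bad):
    """Return (verdict, reasons) for one set of observed answers.

    verdict is 'allow', 'review' or 'block':
      - any address on the known-bad list is blocked outright;
      - new nameservers together with A records outside every historical
        prefix is the hijack pattern (zone moved AND traffic moved) -> block;
      - either change on its own could be a legitimate migration -> review.
    """
    reasons = []
    new_ns = set(observed_ns) - baseline.nameservers
    if new_ns:
        reasons.append("nameservers not in baseline: %s" % sorted(new_ns))

    bad_hits, unknown_hits = [], []
    for ip in observed_a:
        addr = ipaddress.ip_address(ip)
        if addr in known_bad:
            bad_hits.append(ip)
        elif not any(addr in net for net in baseline.prefixes):
            unknown_hits.append(ip)
    if bad_hits:
        reasons.append("A records on known-bad list: %s" % bad_hits)
    if unknown_hits:
        reasons.append("A records outside historical prefixes: %s" % unknown_hits)

    if bad_hits or (new_ns and unknown_hits):
        return "block", reasons
    if new_ns or unknown_hits:
        return "review", reasons
    return "allow", reasons


# Constructed baseline and blocklist (documentation ranges, not real data).
BASELINE = make_baseline(
    ["ns1.example.net", "ns2.example.net"],
    ["192.0.2.0/24", "198.51.100.0/24"],
)
KNOWN_BAD = {ipaddress.ip_address("203.0.113.66")}


if __name__ == "__main__":
    steady = ["ns1.example.net", "ns2.example.net"]
    scenarios = {
        "steady state":       (steady, ["192.0.2.10"]),
        "CDN move only":      (steady, ["203.0.113.20"]),
        "NS change only":     (["ns1.attacker.example"], ["192.0.2.10"]),
        "NS + new IPs":       (["ns1.attacker.example"], ["203.0.113.20"]),
        "redirect to bad IP": (["ns1.attacker.example"], ["203.0.113.66"]),
    }
    for label, (ns, a) in scenarios.items():
        verdict, why = assess(ns, a, BASELINE, KNOWN_BAD)
        print("%-20s %-7s %s" % (label, verdict, "; ".join(why)))
```

The caveat a practitioner will hit immediately is that a legitimate move to a new CDN or DNS provider trips exactly the same comparison, which is why a single change is only a review and why the baseline has to be refreshed once such a change is verified; the simultaneous nameserver and address change is what separates the hijack pattern from routine migration.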
In a perfect world, malicious attacks like this week’s wouldn’t be a problem, but unfortunately they seem to be growing in frequency and advancing in sophistication. Faced with such a challenge, I’m excited to see that when the security techniques pioneered by OpenDNS were put to the test, they passed with flying colors.