Even of the simplest of cyberattack has the potential to catastrophic damage; a large DDoS by an of hijacked devices is capable of knocking networks offline, leaving organisations and their customers unable to access .
The of such an attack was made clear by the Mirai botnet incident late last year. The Mirai botnet used - devices, such as and , to bring large chunks of the internet to its knees, slowing or outright bringing down popular websites and services.
But that wasn't the end of Mirai's malicious intent. A month later a million internet users in Germany were thrown offline in late November as part of a coordinated cyberattack which also impacted the UK, Ireland, Turkey, Iran, and Brazil, among others.
Internet provider bore the brunt of much of the attack German borders. Matthias Rosche, of solution sales and consulting at Deutsche Telekom's telecom security group, described it as "the attack" against the company which had a "major" impact on its customer .
Almost five percent of its 20 million customers suffered internet outages as a result of the botnet attack, which targeted and routers, exploiting an open port. In total, 900,000 routers were affected by the attack.
The attack wasn't capable of stealing data, but it still created problems, resulting in 30 hours of downtime for 900,000 internet connections in homes and businesses across Germany.
"What we saw was that there were specific routers which had issues and problems. Looking at the statistics, we saw that a significant number went down immediately," Rosche said, speaking at a conference arranged by security company Check Point in Milan.
The malware contained a link to upload malicious software to the devices in order to connect them to the botnet, but Deutsche Telekom quickly moved to minimise the potential damage of this threat.
"We started to investigate into the attack and figured out there was a download link embedded to upload to malicious software. So the first thing we did was that to make sure that even if the infection is successful, nothing can uploaded from that specific link," said Rosche.
The company's security set up a war to coordinate activities and block the key open port across the network, in order to ensure no attack could target it anymore, he explained.
In addition to this, an agreement between Deutsche Telekom and the router vendors meant as soon as the telecoms firm knew how to close the vulnerability, they contacted the vendors and provided them with the information required to update devices and protect them against the botnet.
"Within 12 hours we had a new software version available for our routers," said Rosche, adding that users were informed they had to turn routers on and off again and to protect themselves from the attack.
"This was a simple patching process and we were happy this was our worst-," he said of the incident.
If the attack had been fully successful, the results would've been dire and a danger to the internet.
"It's a simple calculation. We'd have had a new botnet of 1.8 terabits per second, which is big enough to carry out a DDoS attack against any state in the world. This would've been the most powerful weapon on the internet, it would have been incredible," said Rosche.
"We apologised to our customers and the question we had to ask ourselves was, 'Can we guarantee that this won't happen again in the future?' The answer is 'probably not'. But we'll be prepared," he said.
READ MORE ON
- History repeating: How the IoT is failing to learn the security lessons of the past
- Internet-connected devices will always pose a risk, experts say [CNET]
- Is 'admin' password leaving your IoT device vulnerable to cyberattacks?
- Homeland Security warns of 'BrickerBot' malware that destroys unsecured internet-connected devices
- Everything old is new again: Experts predict a flood of denial-of-service attacks [TechRepublic]