DDoS attacks - should we be worried?

Every other day we see incident reports from Vera Ltd regarding DDoS attacks. Should we be worried that the attackers retrieve any data like user credentials during these attacks? Is Vera Ltd the target or is the company indirectly affected?

I’d also be interested to know what steps they are taking to mitigate these attacks. There are plenty of services available to mitigate these attacks, and it looks like they should be looking to invest.

I question whether they really are DDoS.
I reckon they are overloaded servers.

DDoS (Distributed Denial of Service) attacks are about preventing normal function. Whether this is by flooding the internet connection and consuming all the bandwidth, or about making the server so busy with connections that it can’t handle the load, the attack is about preventing normal service. There is no risk to data and this type of attack does not even attempt to acquire data. It is entirely about creating a traffic jam.

But, I think that @konradwalsh is probably correct that these aren’t specifically DDoS attacks targeting Vera’s portal, but rather an overloaded system caused by a growing userbase and underpowered systems/software. Why would anyone want to DDoS Vera? There are very few that would enjoy a competitive advantage. It seems unlikely that anyone would be so angry at Vera as to launch such an attack. There’s no political advantage or even an opportunity for fame in attacking Vera. I just don’t see why they would be under attack.

I do see a lot of opportunity for inefficient databases, bottlenecks in authentication pipelines, misimplementation of cloudy scalability. Contrary to popular thinking, it turns out it’s not as simple as just launching more AWS instances, and that stuff costs big money, making companies loath to spin up a fleet of servers to service inefficient algorithms. It’s super easy for companies like Vera with hundreds of thousands (millions?) of devices “phoning home” to inadvertently DDoS themselves.

Even if it really is a malicious DDoS, possibly because their cloud servers now occupy the address space of another former target, it takes massive networking resources and serious dollars to mitigate a DDoS attack. That’s if it can be mitigated at all. Just switching to CloudFlare or having your upstream block a BGP AS is not effective against a real DDoS attack, no matter what the armchair experts think. That stuff is hard and the larger the scale the harder it is.

I suspect, with no real evidence, that the “DDoS attacks” are growing pains. Inconvenient to us, but not a serious risk for data loss/exfiltration.

I would ask; what would be your risk if your user credentials were leaked? You should not be using the same password across sites. In theory, a credential leak at Vera should only allow an attacker to toggle your Z-Wave devices. That could be annoying and even quite freaky, but it should not be a big risk to your person or property. If it is, then you need to make changes to mitigate that risk. ALWAYS operate under the assumption that your data WILL be exposed. But, when it happens, the damage should be limited and compartmentalized.
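As an added illustration of the “phoning home” self-DDoS mentioned in this reply (example code written for this thread, not anything from Vera/Mios; the fleet size, check-in interval and capacity are constructed values): the simulation below compares a fleet whose devices all check in on the same schedule, as they would after reconnecting from an outage, with a fleet whose check-ins are spread by a random start offset.

```python
import random
from collections import Counter


def simulate_checkins(n_devices, interval_s, horizon_s, jitter_s=0, seed=1):
    """Return a list of requests-per-second over `horizon_s` seconds for a
    fleet of `n_devices` that each phone home every `interval_s` seconds.

    jitter_s == 0: every device starts at t=0 (e.g. all reconnecting after
    an outage), so their check-ins stay aligned for the whole horizon.
    jitter_s > 0: each device gets a random start offset in [0, jitter_s),
    which spreads the same total load across the interval.
    """
    rng = random.Random(seed)  # fixed seed so the result is reproducible
    per_second = Counter()
    for _ in range(n_devices):
        offset = rng.uniform(0, jitter_s) if jitter_s > 0 else 0.0
        t = offset
        while t < horizon_s:
            per_second[int(t)] += 1
            t += interval_s
    return [per_second[s] for s in range(horizon_s)]


def peak_and_mean(counts):
    """Peak requests/second and mean requests/second for a count series."""
    return max(counts), sum(counts) / len(counts)


def seconds_over_capacity(counts, capacity):
    """Number of seconds in which the request rate exceeded `capacity`."""
    return sum(1 for c in counts if c > capacity)


if __name__ == "__main__":
    # Constructed parameters: 10,000 devices, 60 s check-in, 10 minutes,
    # and a backend that can serve 1,000 requests/second.
    N, INTERVAL, HORIZON, CAPACITY = 10_000, 60, 600, 1_000
    synced = simulate_checkins(N, INTERVAL, HORIZON)
    jittered = simulate_checkins(N, INTERVAL, HORIZON, jitter_s=INTERVAL)
    for name, counts in (("synchronised", synced), ("jittered", jittered)):
        peak, mean = peak_and_mean(counts)
        over = seconds_over_capacity(counts, CAPACITY)
        print(f"{name:13s} peak={peak:6d}/s mean={mean:7.1f}/s "
              f"seconds over capacity={over}")
```

Both runs deliver exactly the same number of requests; only the synchronised one produces ten one-second spikes of 10,000 requests that a 1,000 req/s backend cannot absorb, which is what an “overloaded server” looks like from the outside.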

There is a risk. A DDoS attack may display error messages, stack dumps, whatever, which a hacker can exploit to understand the underlying configuration and then make the next round of attack more focused. So there is always a risk.

Do realize the Mios/GetVera servers are cloud based, using at least AWS and one other cloud provider. These DDoS may not necessarily be targeting the Mios/GetVera servers. Those may only be collateral damage of an attack on another entity in the same segment.

Could stressing the infrastructure also help conceal other types of attacks running in parallel?

It’s funny because it looks like their upstream provider is Cloudflare,
which is supposed to protect against DDoS.

But it doesn’t look like they are doing a very good job.
Time for a new host.

It could also not be an attack against Vera directly, but on Cloudflare or someone else on that host, causing issues for other customers.

My concern is that if they are getting attacked, because they keep login details on the servers, the attackers could possibly get access to people’s homes. I wonder what sort of encryption their servers run?

Beyond encryption, they should at least have two-factor authentication as an option for us.