Jan 12, 2017

The Coming IoT DDoS Storm

Recent events have prompted many discussions about the threat of vulnerable IoT devices. Part of the scare is the ability of nefarious actors to marshal these devices into controlled botnets for strategic Denial of Service attacks. This is a very tangible threat that has manifested in a number of recent attacks, including the one that caused a massive DNS outage at DYN several weeks ago.

The truth of the matter is that the threat from IoT and industrial devices is not really new; it just seems much more important now. Dial the calendar back to late 2013, when a high-profile incident occurred in which hackers broke into the HVAC systems belonging to mega-retailer Target. From there, those hackers were able to get into the system that processed credit cards, and the carnage that ensued is now the stuff of security history. In October’s DYN DNS attack, an army of hundreds of thousands of video cameras that had been deployed with default passwords made the attack possible. Both cases involved devices that the average person may not regard as a security threat, and both involved very limited-purpose computing endpoints.

Despite this history and numerous warning signs, embedded systems and consumer technologies continue to ship with security flaws, which hackers are all too willing to exploit. With a bit of vigilance, some platforms can be updated to address security issues, but many more simply cannot. This is a brewing threat storm that has no easy solution; however, for an enterprise, some planning can help reduce the impact of these threats. It is important to note that the evolution of threats over time shows that security threats never become less severe, so strategies must scale accordingly.

Best practices

The internet has survived massive threats over the years – worms, Y2K, ransomware, broken encryption, regulations, and more. The Dyn DNS attack should serve as a reminder to address vulnerabilities through sound principles, rather than be seen as an inevitable breakage of the internet itself. While the attack took down the services of a major provider of DNS across the web, organizations that used backup DNS providers would not have experienced an “outage”. Those that were affected by an outage were in a single-point-of-failure situation, while those that had built DNS redundancy into their systems may have experienced some delays, but not an outage.
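The single-point-of-failure condition described above can be checked from a zone's NS records. The following is an added example, not from the original post: it groups each zone's nameservers by operator domain and lists the zones served by only one. The record set is constructed, and the last-two-labels grouping is an assumption that misgroups suffixes such as co.uk and cannot see through vanity (in-zone) nameserver names.

```python
from collections import defaultdict

# Constructed sample in zone-file style; names use reserved example/test domains.
SAMPLE_NS_RECORDS = """\
alpha.example.   86400 IN NS ns1.dns-one.test.
alpha.example.   86400 IN NS ns2.dns-one.test.   ; two servers, one provider
beta.example.    86400 IN NS ns1.dns-one.test.
beta.example.    86400 IN NS NS1.DNS-TWO.TEST.
beta.example.    300   IN A  192.0.2.10
gamma.example.   86400 IN NS ns1.gamma.example.
gamma.example.   86400 IN NS ns2.gamma.example.
"""


def operator_of(hostname):
    """Naive grouping key (assumption): the last two DNS labels, lowercased."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def providers_by_zone(zone_text):
    """Map each zone to the set of operator domains that serve its NS records."""
    zones = defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        # Expected shape: owner [ttl] [class] NS target
        if len(fields) >= 3 and fields[-2].upper() == "NS":
            owner = fields[0].rstrip(".").lower()
            zones[owner].add(operator_of(fields[-1]))
    return dict(zones)


def single_provider_zones(zone_text):
    """Zones whose every nameserver falls under one operator domain."""
    return sorted(
        zone for zone, ops in providers_by_zone(zone_text).items() if len(ops) == 1
    )


if __name__ == "__main__":
    for zone in single_provider_zones(SAMPLE_NS_RECORDS):
        print(f"{zone}: all nameservers under one operator domain")
```

Two nameservers at the same provider, as in the alpha.example sample, still count as a single dependency for this purpose.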

History tells us that the IoT threat will increase, a trend that will accelerate thanks to the simple economics that hackers see quite clearly before them. Here are some highlights of the IoT attack opportunities:

  1. Exploits can unlock elevated levels of control over devices, which legitimate users themselves may not have access to – cutting off patching, cutting off configuration, and executing the will of the hacker.
  2. Millions if not billions of devices in the marketplace are quickly built, designed, and shipped, all with little thought to standard security configurations (much less enhanced security). This makes for simple exploitation, such as in the default password situation.
  3. Millions of devices gathered into a controlled network offer massive scope. That is ideal for DDoS targeting, and the owners of these devices will probably not notice anything different about a compromised device.
  4. The numbers and economics are highly leveraged and can have a massive impact against an operation. In the DYN DNS attack, only a tiny fraction of all the estimated compromised IoT endpoints in existence were utilized to carry out the attack. We are at a nascent point in the IoT story, which means that there are many more devices that are likely to be compromised in the future.

The future

It doesn’t take much research to know that internet security concerns have become a greater focus in recent years. Cyber threats have become national threats and, in accordance with that, reviews of the DNS incident and discussions about IoT standards have emerged. The good news is that the industry is poised to respond, innovate, and educate as never before.

The threat of IoT and DDoS attacks is very real, very much growing, and serious business. This evolution in security threats calls on businesses and leaders in the enterprise to address infrastructure, policies, and training with more urgency than ever before. It’s a good time to get your house in order. As a hosting provider, Codero partners with businesses across the spectrum to provide a valid services infrastructure that is designed to maintain operations.

