Fuel Member Phil De Meyer, a Senior Network Administrator at a mid-sized insurance company, examines the recent Dyn attack, the impact of IoT devices, and the growing sophistication of botnet attacks. Read on for more information on how to recognize, mitigate and prevent these kinds of attacks within your own organization.
On Sept. 20, Krebs on Security and Akamai, their Domain Name System (DNS) mitigation service provider, were the targets of the largest Distributed Denial-of-Service (DDoS) attack to date, clocking in at approximately 620 Gbps — doubling the largest attack previously reported by Akamai, of 363 Gbps. Right on the heels of this attack, major DNS provider Dyn was the victim of a DDoS attack on Oct. 21. This attack disrupted a number of popular services, and initial indications are that another IoT botnet was responsible.
What was the source of this new wave of DDoS attacks? Two large botnets of Internet-of-Things (IoT) devices: in other words, internet-connected refrigerators, cameras and other devices. By some estimates, there are 500,000 to 980,000 such devices in more than 165 countries. Beyond malicious activities such as DDoS, spamming and spreading ransomware, it is not out of the question that these devices are also being used as proxies to obfuscate traffic analysis. This might be only the beginning, as many of these devices are capable of far more.
If this type of attack has trickled down to cybercriminals, you can be sure that it is being used by other organizations and governments, too. Toolsets will grow in sophistication, increasing the profitability for botnet owners as they become able to offer additional services. Among their many weaknesses, most IoT devices have open and discoverable administrative controls, default passwords, and no capability to be patched or updated.
You now know that IoT devices can threaten your network and you should have a plan to address them, so let’s lay it out:
Learn where IoT devices are used in your organization and where they connect to on the intranet and the internet. Be sure to:
Have insight into your normal network traffic profile, per device and per segment.
You need to be able to spot trends and patterns in traffic data in order to keep all of us safe. Next-generation firewall (NGFW) devices are beginning to assist engineers by categorizing traffic with not only our localized view of network threats, but also with larger security intelligence sets from professionals looking at a national and global scale.
Don’t assume you can simply filter this traffic out. At scale, filtering incoming traffic will not make DDoS mitigation any easier, because the geographic diversity and unique endpoints of a botnet work in the attackers’ favour. Even so, this is the direction in which InfoSec is growing.
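As an added illustration of the baseline-and-compare approach described above (not code from the original post), the following example builds a per-device traffic profile from constructed flow records and flags IoT devices whose destinations or byte volume depart from their own baseline. Device names, addresses and the thresholds are assumptions made up for the example.

```python
from collections import defaultdict

# Constructed flow records: (device, dst_ip, dst_port, bytes_sent).
# The baseline window stands in for the "normal traffic profile" of each device.
BASELINE_FLOWS = [
    ("cam-01", "203.0.113.10", 443, 12_000),
    ("cam-01", "192.0.2.53", 53, 300),
    ("fridge-02", "198.51.100.7", 443, 2_000),
    ("fridge-02", "192.0.2.53", 53, 200),
]
# Constructed observation window: cam-01 starts flooding several new hosts.
OBSERVED_FLOWS = [
    ("cam-01", "203.0.113.10", 443, 12_200),
    ("cam-01", "198.51.100.200", 80, 900_000),
    ("cam-01", "198.51.100.201", 80, 880_000),
    ("cam-01", "198.51.100.202", 53, 750_000),
    ("fridge-02", "198.51.100.7", 443, 2_100),
    ("fridge-02", "192.0.2.53", 53, 180),
    ("thermo-09", "198.51.100.9", 443, 500),   # never inventoried
]


def build_profile(flows):
    """Per device: set of (dst_ip, dst_port) contacted and total bytes sent."""
    dests, total = defaultdict(set), defaultdict(int)
    for dev, ip, port, nbytes in flows:
        dests[dev].add((ip, port))
        total[dev] += nbytes
    return {dev: (dests[dev], total[dev]) for dev in dests}


def find_deviations(baseline, observed, new_dest_limit=2, volume_factor=5.0):
    """Return {device: [reasons]} for devices departing from their baseline:
    more than new_dest_limit destinations absent from the baseline, or more
    than volume_factor times the baseline bytes. No baseline is an inventory gap."""
    alerts = {}
    for dev, (dests, nbytes) in observed.items():
        reasons = []
        if dev not in baseline:
            reasons.append("no baseline: device not in inventory")
        else:
            base_dests, base_bytes = baseline[dev]
            new = dests - base_dests
            if len(new) > new_dest_limit:
                reasons.append(f"{len(new)} destinations not in baseline")
            if nbytes > volume_factor * base_bytes:
                reasons.append(f"volume {nbytes / base_bytes:.0f}x baseline")
        if reasons:
            alerts[dev] = reasons
    return alerts
```

Feeding real flow exports (NetFlow, IPFIX or firewall logs) into the same two functions gives a first cut at the trend-spotting the plan calls for; the thresholds are deliberately simple and should be tuned per device class.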
What are your ideas about stopping this next wave of IoT-enabled attacks? Tell us in the comments below.