If You Build It, They will Come - IoT Driven Botnet Attacks

If You Build It, They Will Come - IoT Driven Botnet Attacks

The internet has revolutionized the way we live, the way we do business and the way we stay “connected.” Since the birth of the internet, technological advances have allowed us to mobilize our communications, automate everyday activities, enhance user experience and create an interconnected world in which we have come to rely on.

Internet-based home automation devices, such as video baby monitors, remote thermostat programming, home surveillance and security kits, connected lighting products, etc., are transforming how we manage our day-to-day lives. Remote management of these devices, through smartphones, online portals and the like has extended to every home, car, business, building and system in the world. Not many would argue that the term “IoT” is sometimes overused, or even misunderstood, but it certainly represents a growth spurt in the evolution of technology.

Regardless of term, or use case, it’s well-known that cybercriminals can hack into any vulnerable device connected to the internet to remotely take control of that device and enslave it into a botnet that is part of a distributed denial-of-service (DDoS) attack. Given the recent, ongoing and exponential increase of devices connected to the IoT, it is becoming easier for hackers to increase the size and frequency of DDoS attacks.

The average user of connected devices, whether that be your smart home, smart appliances, smart car or smart office, does not typically pay close attention to software updates or critical patching schedules. They also don’t quite understand how these devices are connected or sharing data. IoT devices often have just enough processing power to deliver their required functionality, with security as an after-thought at best or often not present at all. Combine this with the fact that access control passwords are often left at their factory defaults, or users choose alternatives which are easy to crack using brute force techniques. The human component is often underestimated as a contributor to an overall lack of security of the IoT.

In the case of DDoS attacks, the reality is that any device, infrastructure, application, etc. that is connected to the internet is at risk for attack, or even more concerning, to be recruited as a bot in an army to be used in DDoS attacks against unsuspecting victims. Botnets, also known as “zombie armies,” can be deployed on thousands — if not millions — of connected devices and can wreak havoc - spam attacks, spread malware or launch DDoS attacks. 

Commonly used DDoS toolkits abuse internet services and protocols that are available on open or vulnerable servers and devices, to create a class of attacks that are virtually impossible to trace back to the originating attacker, known as amplification DDoS attacks. This raises serious concerns that the sheer number of devices in the IoT represents a totally new type of attack surface that could become wildly out of control in very short order. 

There is really no limit to the potential size and scale of future botnet-driven DDoS attacks, particularly when they harness the full range of smart devices incorporated into our IoT. By using amplification techniques on the millions of very high bandwidth capable devices currently accessible, such as baby video monitors and security cameras, DDoS attacks are set to become even more colossal in scale.

The bottom line is that attacks of this size can take virtually any company offline – a reality that any business must be prepared to defend against. And it isn’t just the giant attacks that organizations need to worry about. Before botnets are mobilized, hackers need to make sure that their techniques are going to work. This is usually done using small, sub-saturating attacks, which most IT teams wouldn’t even recognize as a DDoS attack. Due to their size – the majority are less than five minutes in duration and under 1 Gbps – these shorter attacks typically evade detection by most legacy and homegrown DDoS mitigation tools, which are generally configured with detection thresholds that ignore this level of activity.

This allows hackers to perfect their attack techniques, while remaining under the radar, leaving security teams blindsided by subsequent attacks. If these techniques are then deployed at full scale with a botnet, the results can be devastating.

Preventing the IoT botnet and protecting against attacks

Preventing and mitigating the exploitation of the IoT is going to take quite a concerted effort. Device manufacturers, firmware and software developers need to build strong security into their devices. Installers and administrators need to change default passwords and update patch systems – if this is even possible – when vulnerabilities do arise.

Organizations must also be better equipped to deal with the inevitable DDoS attack – IoT related, or otherwise. In the early days of DDoS attacks, more than two decades ago, operators handled an attack with a null route; i.e., a remote trigger blackhole. If they detected something going awry, they would look at the victim – the IP that was targeted – and null route everything associated with the victim. This got the attack traffic off the operator’s network and stopped the collateral damage against other unintended victims. However, it sacrificed the victim in the interest of keeping the rest of the network viable.

The DDoS mitigation landscape then evolved to a slightly more advanced technique, which involves routing the attack traffic to a scrubbing center, where human intervention and analysis is typically required to remove the attack traffic and return the legitimate traffic to its intended target. This process is resource-intensive and expensive. Plus, there’s often a lengthy delay between detection of the attack, and when the actual remediation efforts begin.  

The DDoS protection of today requires robust, modern DDoS defenses that will provide both instantaneous visibility into DDoS events as well as long-term trend analysis to identify adaptations in the DDoS landscape and deliver corresponding proactive detection and mitigation techniques. Automatic DDoS mitigation is available today to eradicate the damage of DDoS and eliminate both the service availability and security impact. If desired, these solutions can be paired with an on-demand scrubbing solution.

This type of effective DDoS defense can also be deployed as a premium DDoS Protection as-a-Service (DDPaaS) offering from an upstream internet provider. Carriers are in a unique position to effectively eliminate the impact of DDoS attacks against their customers by surgically removing the attack traffic transiting their networks, before flowing downstream. Providing such a service not only streamlines the operations of providers, giving them increased visibility and making their services more reliable, but drastically reduces the impact of IoT driven DDoS attacks.

Featured

  • Freedom of Choice

    In today's security landscape, we are witnessing a fundamental transformation in how organizations manage digital evidence. Law enforcement agencies, campus security teams, and large facility operators face increasingly complex challenges with expanding video data, tightening budget constraints and inflexible systems that limit innovation. Read Now

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • Midtown Manhattan Shooting Kills 4, Including NYPD Officer

    Four people were killed, including a NYPD officer, in a midtown Manhattan shooting on Monday. That’s according to CNN. Read Now

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.