If You Build It, They will Come - IoT Driven Botnet Attacks

If You Build It, They Will Come - IoT Driven Botnet Attacks

The internet has revolutionized the way we live, the way we do business and the way we stay “connected.” Since the birth of the internet, technological advances have allowed us to mobilize our communications, automate everyday activities, enhance user experience and create an interconnected world in which we have come to rely on.

Internet-based home automation devices, such as video baby monitors, remote thermostat programming, home surveillance and security kits, connected lighting products, etc., are transforming how we manage our day-to-day lives. Remote management of these devices, through smartphones, online portals and the like has extended to every home, car, business, building and system in the world. Not many would argue that the term “IoT” is sometimes overused, or even misunderstood, but it certainly represents a growth spurt in the evolution of technology.

Regardless of term, or use case, it’s well-known that cybercriminals can hack into any vulnerable device connected to the internet to remotely take control of that device and enslave it into a botnet that is part of a distributed denial-of-service (DDoS) attack. Given the recent, ongoing and exponential increase of devices connected to the IoT, it is becoming easier for hackers to increase the size and frequency of DDoS attacks.

The average user of connected devices, whether that be your smart home, smart appliances, smart car or smart office, does not typically pay close attention to software updates or critical patching schedules. They also don’t quite understand how these devices are connected or sharing data. IoT devices often have just enough processing power to deliver their required functionality, with security as an after-thought at best or often not present at all. Combine this with the fact that access control passwords are often left at their factory defaults, or users choose alternatives which are easy to crack using brute force techniques. The human component is often underestimated as a contributor to an overall lack of security of the IoT.

In the case of DDoS attacks, the reality is that any device, infrastructure, application, etc. that is connected to the internet is at risk for attack, or even more concerning, to be recruited as a bot in an army to be used in DDoS attacks against unsuspecting victims. Botnets, also known as “zombie armies,” can be deployed on thousands — if not millions — of connected devices and can wreak havoc - spam attacks, spread malware or launch DDoS attacks. 

Commonly used DDoS toolkits abuse internet services and protocols that are available on open or vulnerable servers and devices, to create a class of attacks that are virtually impossible to trace back to the originating attacker, known as amplification DDoS attacks. This raises serious concerns that the sheer number of devices in the IoT represents a totally new type of attack surface that could become wildly out of control in very short order. 

There is really no limit to the potential size and scale of future botnet-driven DDoS attacks, particularly when they harness the full range of smart devices incorporated into our IoT. By using amplification techniques on the millions of very high bandwidth capable devices currently accessible, such as baby video monitors and security cameras, DDoS attacks are set to become even more colossal in scale.

The bottom line is that attacks of this size can take virtually any company offline – a reality that any business must be prepared to defend against. And it isn’t just the giant attacks that organizations need to worry about. Before botnets are mobilized, hackers need to make sure that their techniques are going to work. This is usually done using small, sub-saturating attacks, which most IT teams wouldn’t even recognize as a DDoS attack. Due to their size – the majority are less than five minutes in duration and under 1 Gbps – these shorter attacks typically evade detection by most legacy and homegrown DDoS mitigation tools, which are generally configured with detection thresholds that ignore this level of activity.

This allows hackers to perfect their attack techniques, while remaining under the radar, leaving security teams blindsided by subsequent attacks. If these techniques are then deployed at full scale with a botnet, the results can be devastating.

Preventing the IoT botnet and protecting against attacks

Preventing and mitigating the exploitation of the IoT is going to take quite a concerted effort. Device manufacturers, firmware and software developers need to build strong security into their devices. Installers and administrators need to change default passwords and update patch systems – if this is even possible – when vulnerabilities do arise.

Organizations must also be better equipped to deal with the inevitable DDoS attack – IoT related, or otherwise. In the early days of DDoS attacks, more than two decades ago, operators handled an attack with a null route; i.e., a remote trigger blackhole. If they detected something going awry, they would look at the victim – the IP that was targeted – and null route everything associated with the victim. This got the attack traffic off the operator’s network and stopped the collateral damage against other unintended victims. However, it sacrificed the victim in the interest of keeping the rest of the network viable.

The DDoS mitigation landscape then evolved to a slightly more advanced technique, which involves routing the attack traffic to a scrubbing center, where human intervention and analysis is typically required to remove the attack traffic and return the legitimate traffic to its intended target. This process is resource-intensive and expensive. Plus, there’s often a lengthy delay between detection of the attack, and when the actual remediation efforts begin.  

The DDoS protection of today requires robust, modern DDoS defenses that will provide both instantaneous visibility into DDoS events as well as long-term trend analysis to identify adaptations in the DDoS landscape and deliver corresponding proactive detection and mitigation techniques. Automatic DDoS mitigation is available today to eradicate the damage of DDoS and eliminate both the service availability and security impact. If desired, these solutions can be paired with an on-demand scrubbing solution.

This type of effective DDoS defense can also be deployed as a premium DDoS Protection as-a-Service (DDPaaS) offering from an upstream internet provider. Carriers are in a unique position to effectively eliminate the impact of DDoS attacks against their customers by surgically removing the attack traffic transiting their networks, before flowing downstream. Providing such a service not only streamlines the operations of providers, giving them increased visibility and making their services more reliable, but drastically reduces the impact of IoT driven DDoS attacks.

Featured

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3