DDoS downfall: How the IoT is Becoming the Internet of Very Bad Things

DDoS Downfall: How the IoT is Becoming the Internet of Very Bad Things

Internet of Things (IoT) devices like smart watches, smart thermometers, smart fridges and smart anything are undeniably cool and incredibly useful. This age of connectivity is the age of possibility, and millions of people all over the world are taking advantage of the wonderful benefits these devices have to offer.

There’s a different kind of people taking a different kind of advantage of all these connected devices, however, and with the exploding popularity of IoT devices, these people have a lot of power literally at their fingertips. The result of all this easily accessible power? The biggest DDoS attacks the world has ever seen.

Services, denied

Distributed denial of service or DDoS attacks are a type of cyberattack that seek to overwhelm the network resources or bandwidth of a target website or other online service. These attacks do so by harnessing the power of a botnet, a grouping of internet-connected devices that enables the attacker to direct massive amounts of malicious traffic at the target.

When a DDoS attack is successful, the result is a website that is either bumped offline or slowed down so much that it can’t be used. Thanks to the accessibility of DDoS for hire services, distributed denial of service attacks were already a growing problem since the average person with no special computer skills can now aim an attack at any site for a nominal fee, making almost every website and business on the internet a potential target. Thanks to the IoT, the DDoS threat is looming considerably larger.

Bigger and badder botnets

For a device to be included in a botnet, it needs to be infected with malware that allows it to be remotely controlled. In the past these devices were generally computers because they were by far the most common form of internet-connected device. However, security for computers has gotten better and people have become increasingly focused on securing them, making it harder for cyberattackers to take over.

If computers were still the most common form of internet-connected device, this would be good news, but in 2016 the number of devices in the IoT was estimated at 6.4 billion. Unfortunately, these devices tend to be so weakly secured attackers have to do little more than put in default usernames and passwords to take control. As a result, IoT-powered botnets are weighing in with hundreds of thousands of infected devices, giving attackers unprecedented amounts of malicious traffic to play with.

Mirai mayhem

In its relatively short life, the Mirai IoT botnet has already achieved internet infamy with its record-breaking distributed denial of service attacks. The first high-profile victim was famed security blogger Brian Krebs, whose website went down in the face of a 620 Gbps attack. Following that, French web hosting provider OVH got rocked by a 1 Tbps attack, then DNS provider Dyn got walloped by a 1.2 Tbps attack, resulting in the internet essentially coming to a screeching halt when sites like Netflix, PayPal and Twitter went down as a result. All three attacks were once the biggest in the history of the internet. The Dyn attack is still number one.

The Mirai source code is publicly available, which means cyberattackers are free to use it to assemble their own massive botnets, which means Mirai variants are causing big problems all over the internet. In December, one such variant infected Deutsche Telekom routers, affecting over 900,000 customers. While most Mirai-based attacks are network-layer, another variant recently took aim at an American college with a 54-hour application-layer attack that peaked at over 37,000 requests per second.

Two types of threats and two security considerations

The threat presented by the Mirai malware, as well as any malware that targets IoT devices, is two-fold. First is the threat to websites and online service coming from these bloated botnets and the record-smashing DDoS attacks that cause an immediate loss of revenue while the site or service is unavailable, as well as a long-term loss of revenue stemming from the eroded trust and loyalty experienced by users. The solution for this is professional DDoS mitigation that protects against both network and application layer attacks.

The second threat presented is to every person or company that has at least one IoT device. If a device can be easily hijacked for inclusion in a botnet, it can be just as easily hijacked for other malicious purposes. Considering how much sensitive and financial data may be available through these devices as well as how many gather photo, video and audio imaging, this is a truly frightening prospect.

To check if any of the devices on your network are either already infected by the Mirai malware or vulnerable to it, you can use the Mirai scanner provided by DDoS protection provider Incapsula. Regardless of the results of the scanner, you should take the time to log in to every IoT device you own and change the default username and password to something that is hard to guess. After all, the only person who should get to benefit from an IoT device should be the person who owns it.

Featured

  • Freedom of Choice

    In today's security landscape, we are witnessing a fundamental transformation in how organizations manage digital evidence. Law enforcement agencies, campus security teams, and large facility operators face increasingly complex challenges with expanding video data, tightening budget constraints and inflexible systems that limit innovation. Read Now

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • Midtown Manhattan Shooting Kills 4, Including NYPD Officer

    Four people were killed, including a NYPD officer, in a midtown Manhattan shooting on Monday. That’s according to CNN. Read Now

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.