DDoS Downfall: How the IoT is Becoming the Internet of Very Bad Things
Internet of Things (IoT) devices like smart watches, smart thermometers, smart fridges and smart anything are undeniably cool and incredibly useful. This age of connectivity is the age of possibility, and millions of people all over the world are taking advantage of the wonderful benefits these devices have to offer.
There’s a different kind of people taking a different kind of advantage of all these connected devices, however, and with the exploding popularity of IoT devices, these people have a lot of power literally at their fingertips. The result of all this easily accessible power? The biggest DDoS attacks the world has ever seen.
Distributed denial of service or DDoS attacks are a type of cyberattack that seek to overwhelm the network resources or bandwidth of a target website or other online service. These attacks do so by harnessing the power of a botnet, a grouping of internet-connected devices that enables the attacker to direct massive amounts of malicious traffic at the target.
When a DDoS attack is successful, the result is a website that is either bumped offline or slowed down so much that it can’t be used. Thanks to the accessibility of DDoS for hire services, distributed denial of service attacks were already a growing problem since the average person with no special computer skills can now aim an attack at any site for a nominal fee, making almost every website and business on the internet a potential target. Thanks to the IoT, the DDoS threat is looming considerably larger.
Bigger and badder botnets
For a device to be included in a botnet, it needs to be infected with malware that allows it to be remotely controlled. In the past these devices were generally computers because they were by far the most common form of internet-connected device. However, security for computers has gotten better and people have become increasingly focused on securing them, making it harder for cyberattackers to take over.
If computers were still the most common form of internet-connected device, this would be good news, but in 2016 the number of devices in the IoT was estimated at 6.4 billion. Unfortunately, these devices tend to be so weakly secured attackers have to do little more than put in default usernames and passwords to take control. As a result, IoT-powered botnets are weighing in with hundreds of thousands of infected devices, giving attackers unprecedented amounts of malicious traffic to play with.
In its relatively short life, the Mirai IoT botnet has already achieved internet infamy with its record-breaking distributed denial of service attacks. The first high-profile victim was famed security blogger Brian Krebs, whose website went down in the face of a 620 Gbps attack. Following that, French web hosting provider OVH got rocked by a 1 Tbps attack, then DNS provider Dyn got walloped by a 1.2 Tbps attack, resulting in the internet essentially coming to a screeching halt when sites like Netflix, PayPal and Twitter went down as a result. All three attacks were once the biggest in the history of the internet. The Dyn attack is still number one.
The Mirai source code is publicly available, which means cyberattackers are free to use it to assemble their own massive botnets, which means Mirai variants are causing big problems all over the internet. In December, one such variant infected Deutsche Telekom routers, affecting over 900,000 customers. While most Mirai-based attacks are network-layer, another variant recently took aim at an American college with a 54-hour application-layer attack that peaked at over 37,000 requests per second.
Two types of threats and two security considerations
The threat presented by the Mirai malware, as well as any malware that targets IoT devices, is two-fold. First is the threat to websites and online service coming from these bloated botnets and the record-smashing DDoS attacks that cause an immediate loss of revenue while the site or service is unavailable, as well as a long-term loss of revenue stemming from the eroded trust and loyalty experienced by users. The solution for this is professional DDoS mitigation that protects against both network and application layer attacks.
The second threat presented is to every person or company that has at least one IoT device. If a device can be easily hijacked for inclusion in a botnet, it can be just as easily hijacked for other malicious purposes. Considering how much sensitive and financial data may be available through these devices as well as how many gather photo, video and audio imaging, this is a truly frightening prospect.
To check if any of the devices on your network are either already infected by the Mirai malware or vulnerable to it, you can use the Mirai scanner provided by DDoS protection provider Incapsula. Regardless of the results of the scanner, you should take the time to log in to every IoT device you own and change the default username and password to something that is hard to guess. After all, the only person who should get to benefit from an IoT device should be the person who owns it.