Recent Internet attacks have resulted in several popular sites becoming unreachable. The list includes Twitter, Etsy, Spotify, Airbnb, GitHub, and The New York Times. These incidents have brought to light a new threat to online services: botnets powered by the Internet of Things (IoT). Distributed denial of service (DDoS) attacks have been commonplace for more than a decade but have rarely been too troublesome. For the past several years, network providers' security services have been able to absorb such attacks to keep online properties available. But the game has now changed.
In essence, when a number of devices can be controlled to simultaneously flood a destination with network requests, the target becomes overloaded and legitimate requests cannot be processed. Traditional network filters are smart enough to recognize a handful of systems attempting this malicious behavior and simply drop all requests from them. But when thousands of systems mount an attack, the normal filters fail to distinguish legitimate from malicious traffic and the availability of the system crumbles.
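The following sketch is an added example, not part of the original article: it runs a simple per-source rate filter over constructed traffic to show why it stops a handful of noisy sources but not thousands of quiet ones. The window, per-source limit, capacity, and traffic volumes are all assumed values chosen for illustration.

```python
from collections import defaultdict

WINDOW = 1.0           # counting window in seconds (assumed)
PER_SOURCE_LIMIT = 20  # requests one source may send per window (assumed)
CAPACITY = 2000        # requests per window the target can serve (assumed)


def make_traffic(sources, rate, label, seconds=3):
    """Constructed traffic: every source sends `rate` requests each second."""
    return [(sec + i / rate, f"{label}-{s}", label)
            for sec in range(seconds)
            for s in range(sources)
            for i in range(rate)]


def per_source_filter(events, limit=PER_SOURCE_LIMIT):
    """Blocklist a source once it exceeds `limit` requests in one window."""
    counts, blocked, passed = defaultdict(int), set(), []
    for ts, src, label in sorted(events):
        if src in blocked:
            continue
        counts[(int(ts // WINDOW), src)] += 1
        if counts[(int(ts // WINDOW), src)] > limit:
            blocked.add(src)
            continue
        passed.append((ts, src, label))
    return passed, blocked


def evaluate(events):
    """Load reaching the target in the final window, after filtering."""
    passed, blocked = per_source_filter(events)
    last = max(int(ts // WINDOW) for ts, _, _ in events)
    load = sum(1 for ts, _, _ in passed if int(ts // WINDOW) == last)
    # Assumption: an overloaded target serves requests without regard to source.
    served = 1.0 if load <= CAPACITY else CAPACITY / load
    return {"blocked": len(blocked), "load": load, "legit_served": served}


USERS = make_traffic(100, 5, "user")  # 100 legitimate clients, 5 req/s each


def few_sources():
    return evaluate(USERS + make_traffic(5, 2000, "flood"))


def many_sources():
    return evaluate(USERS + make_traffic(5000, 5, "bot"))


if __name__ == "__main__":
    print("few sources :", few_sources())
    print("many sources:", many_sources())
```

In the second scenario every bot sends at the same rate as a legitimate client, so the filter blocks nothing and the target receives more than ten times its capacity.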
Cybercriminals and hacktivists have found a new weapon in this war, the IoT. Billions of IoT devices exist and can be as small as a piece of jewelry or as large as a tractor. They all have one thing in common: They connect to the Internet. This connection offers tremendous benefits. People can monitor their homes from afar with cameras, check the contents of their refrigerator while at the store, and do a myriad of other great things with these connected beneficial gadgets. We must not forget, however, that these are just tools. They can be wielded for good or employed for malice. To hackers, each one of these devices is a potential robotic soldier that could be a recruit into their bot armies.
A recent attack against a major DNS provider has highlighted this vulnerability to millions of Internet users. Botnets containing tens or hundreds of thousands of hijacked IoT devices can bring down major pieces of the Internet. IoT devices now represent a new and formidable threat. The next few months will be telling. For now, let’s cut through the hype and understand the important aspects of recent IoT DDoS attacks.
5 key points:
- Insecure IoT devices pose new risks for everyone. Every IoT device that can be hacked is a potential soldier in a botnet army which could be used to bring down important parts of the Internet. Such attacks can interfere with your favorite sites for streaming, social media, online shopping, banking, etc. If you own such weak or poorly configured devices, then you could be contributing to the problem.
- IoT devices are valuable to hackers; they will not give them up without a fight. Although attacks such as the malware in the Mirai botnets are simple in nature, they will evolve as quickly as they need to for the attackers to remain in control. IoT devices are hugely valuable to hackers, as they empower them to conduct devastating DDoS attacks with little effort.
- DDoS attacks from IoT devices are severe and tough to defend against. Identifying and filtering out attacks from a handful of systems is easy. When faced with tens or hundreds of thousands, it is nearly impossible. The amount of resources needed to fend off such an attack is tremendous and costly. The recent attack to knock Brian Krebs’ security-reporting site offline resulted in Akamai’s vice president of web security stating “If this kind of thing is sustained, we’re definitely talking millions” of dollars in cybersecurity services to keep the site available. That is powerful. Look for attackers to not give up easily. These always-connected devices are perfect for DDoS botnets.
- Cybercriminals and hacktivists are driving these attacks. There is speculation that nation-states are behind the latest string of attacks. That is highly unlikely. The authors of Mirai, one of hundreds of botnets, voluntarily released the code to the public, something a governmental team would never do purposefully. However, it is a good bet that after witnessing how powerful IoT botnets are, nation-states are probably working on similar strategies but with much more advanced capabilities. In the short term, cybercriminals and hacktivists will remain the main culprits behind these attacks. During the next few months, expect criminals to find angles for making a financial profit, like extortion.
- It will get worse before it gets better. Unfortunately, most IoT devices that have been deployed lack strong security defenses. The ones being hacked now are the easiest, with default passwords that are published for anyone to look up. Hacker software simply connects and logs into the device, unless the owner has changed the default password. It is no surprise that most have not taken this important step. Instantly, the attackers have another soldier to do their bidding. In order for this situation to get better, several aspects must be addressed. Devices must be designed with security in mind, configured properly, and managed to keep security updated. This will take both technical and behavioral changes in the long run to keep pace with evolving hackers.
To learn more, read How to Secure the Future of IoT.
Hacking IoT devices is now a problem for everyone. Due to the ease of compromise and massive numbers of IoT devices that are connected to the Internet, cybercriminals and hacktivists have a vast resource to fuel powerful DDoS campaigns. We are just starting to see the attacks and issues around IoT security. It will continue to be a problem until more comprehensive controls and behaviors make us all more secure.