The dawn of Massive IoT DDoS Attacks and why it matters

Unless you have been busy climbing the Himalayas for the past couple of months, you’ll have heard a lot about Mirai, a deadly malware behind the largest DDoS attacks to date. Yes, yes, the IoT botnet attack that took down the Internet for users trying to reach an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.

In September 2016, the same malware hit the prominent security blogger Brian Krebs. Both attacks drew on an army of IoT devices. In Krebs’ case, the hit was so massive that Akamai had to drop Krebs as a customer because defending his site consumed too many of their resources. No one wants to be in the position of having to shut down a customer (let alone a prominent one such as Krebs) or even an internal enterprise user. That is a good way to lose business, possibly your job, and to anger people. One of the key ways to stop these IoT DDoS attacks is through network access control (NAC). More about that later.

In the same month, hosting provider OVH suffered a 1 Tbps DDoS attack that had 150,000 IoT devices behind it. These attacks are becoming more frequent. IoT botnets are very powerful because there are so many vulnerable IoT devices out there that can be commandeered into a botnet army. Baby monitors, CCTV cameras, connected LED light bulbs, even smart cars: each of these devices sits on a high-bandwidth Internet connection, lacks basic security features, and can easily be leveraged in a powerful IoT botnet DDoS attack.


The Scope and Ease of IoT Botnet DDoS Attacks

The threat these attacks create should not be underestimated. These attacks can take any company offline. There is really no limit to the potential size and scale of future DDoS attacks involving botnets, particularly when they harness the full range of smart devices incorporated into our everyday lives, both at work and at home. Gartner Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new devices will get connected each day, Gartner estimates.

For many of these household IoT devices, security is an afterthought. Furthermore, in the residential space, IoT devices are plug-and-play, and the average user is incapable of or uninterested in securing them and may never upgrade or download a security patch. So, if an IoT device ships with an exploitable vulnerability, it will likely remain vulnerable the whole time it is in service.

The challenge with many IoT devices, from a security perspective, is that they are open and reachable from the Internet by default. This is convenient for the average home user but a nightmare for corporate security (which needs to take all these devices into consideration, as they are entwined in the lives of employees) and for the overall security of the Internet. Manufacturers of these devices must make their security and overall protection against the dark web a priority.

What makes this worse is that most users will never change factory-set usernames or passwords. The average user is most likely relying on default passwords and auto-connect functionality without much thought. Users may well be unaware of the security risks entailed in using default settings, or they may not know how to change them. Some education needs to happen in order to keep vulnerable devices from being hijacked for nefarious purposes.

The Release of Mirai Source Code is a Big Deal

These DDoS attacks are relatively easy for attackers to execute. The tools and devices used to conduct them are out there and available to most people, and the attackers enjoy almost complete anonymity in these scenarios. This powerful combination could potentially bring down the Internet.

There are two main malware families currently being used to quickly assemble very large IoT-based DDoS armies: one is dubbed “Mirai” and the other is called “Bashlight”. They function in similar fashion. Mirai infects vulnerable devices by scanning for IoT systems protected only by factory-default or hard-coded usernames and passwords, and Bashlight likewise is designed to infect IoT devices through their default usernames and passwords. Now that the Mirai source code has been publicly released, businesses face even more trouble, as more people have access to the malware used to build these botnets. The rising threat of IoT botnets is one to be reckoned with, and a threat that needs to be defeated within the Internet itself.

DDoS Attacks and Network Security

These attacks are placing even more strain on enterprise networks and are raising the priority of tackling IoT and mobile device security. Security and network administrators need intuitive and granular network admission control and remote access security to prevent these breaches. Detection, compliance and protection should be the building blocks of every NAC solution.

A new-generation NAC solution gives visibility into the network and lets administrators monitor what devices do after access has been granted. Should a DDoS attack happen, this post-admission monitoring would be instrumental in spotting the participating devices and stopping the attack. With a software NAC solution, all of the company’s security software can be integrated without the need for costly equipment.
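As an added illustration of the post-admission monitoring described above (example code, not the vendor's product or any NAC vendor's code), the following Python sketch flags an already-admitted host whose outbound connections show the telnet-scanning pattern Mirai uses to find devices with default credentials. The four-field flow log format, the sample records and the thresholds are all assumptions constructed for this example.

```python
"""Post-admission check: flag hosts contacting many distinct destinations on
telnet ports within a short window, a Mirai-style propagation signature."""
from collections import Counter, defaultdict, deque

TELNET_PORTS = {23, 2323}          # ports Mirai-family bots probe for default logins


def constructed_flows():
    """Constructed flow records: 'timestamp src dst dport' (not a real NAC format)."""
    flows = [f"1476900000 192.168.10.21 10.0.0.{i + 1} 443" for i in range(5)]   # normal HTTPS
    # Suspect camera: 30 telnet connections to 30 distinct hosts inside 10 seconds.
    flows += [f"{1476900000 + i // 3} 192.168.10.44 203.0.113.{i + 1} 23" for i in range(30)]
    # Admin workstation: three telnet sessions to management hosts, below threshold.
    flows += [f"1476900100 192.168.10.50 10.0.1.{i + 1} 23" for i in range(3)]
    flows.append("garbage line that should be skipped")
    return flows


def parse_flow(line):
    """Return (ts, src, dst, dport) or None for malformed input."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2], int(parts[3])


def find_telnet_scanners(lines, window=60, min_targets=20):
    """Map source -> peak count of distinct telnet destinations seen inside any
    `window`-second span, for sources reaching at least `min_targets`."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse_flow(line)
        if rec and rec[3] in TELNET_PORTS:
            per_src[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        active, dst_count = deque(), Counter()
        for ts, dst in events:
            active.append((ts, dst))
            dst_count[dst] += 1
            while active[0][0] < ts - window:      # slide window forward
                old_ts, old_dst = active.popleft()
                dst_count[old_dst] -= 1
                if dst_count[old_dst] == 0:
                    del dst_count[old_dst]
            if len(dst_count) >= min_targets:
                flagged[src] = max(flagged.get(src, 0), len(dst_count))
    return flagged


if __name__ == "__main__":
    for host, peak in find_telnet_scanners(constructed_flows()).items():
        print(f"quarantine candidate {host}: {peak} telnet targets in one window")
```

A NAC enforcement point would typically act on such a result by moving the flagged device to a quarantine VLAN rather than just logging it.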

Now is a really good time for security and network administrators to do some homework. What would happen if the company came under DDoS attack? How would the company cope? Is the network secure?