
The IoT Botnets are Coming: Are You Prepared?

NSFOCUS : 07 August, 2015  (Special Report)
Rishi Agarwal of NSFOCUS provides some insight into the security vulnerabilities associated with the Internet of Things and what is being done to prevent them from being exploited

The Food and Drug Administration recently issued a warning regarding security vulnerabilities found in certain medical devices, which can be programmed remotely through a healthcare facility's Ethernet or wireless network. An independent researcher found that security vulnerabilities could allow an unauthorized user to interfere with the medical device’s function.

Welcome to the dark side of the Internet of Things. Webcams, routers—anything with an operating system and an open IP address—can be co-opted for nefarious purposes. This poses security challenges, and they will only escalate as the IoT expands. Gartner reported in its 2014 Hype Cycle for Emerging Technologies Report that by 2019, companies would ship 1.9 billion connected home devices, bringing in about $490 billion in revenue.

This creates significant revenue opportunities for businesses, and increased opportunities for cyber criminals as well. During the second half of 2014, hackers became more efficient and effective, developing new methods to manipulate the protocol and accessibility of any connected home device. Using a massive number of networked machines (often called botnets), they are able to release nearly instantaneous volumetric assaults on intended targets, flooding those targets with unnecessary requests that eventually lead to a server crash or the insertion of malware into the network. Either way, it’s bad for business and brand reputation, and very bad for the bottom line.

A Variety of Vulnerabilities

At the end of 2014, we saw hackers apply their craftiness to the basic home device that moved Internet access from one room to another: the router. It has become an instrument of what is now known as the Simple Service Discovery Protocol (SSDP) reflective amplification distributed denial-of-service (DDoS) attack. Globally, more than 7 million SSDP devices have the potential to be exploited to launch SSDP and other DDoS attacks.

Last year, the SSDP attack became the darling of the DDoS community. Such attacks use smart devices (routers, webcams, etc.) to amplify attack bandwidth by as much as 75 times. With IoT bringing billions of such devices online, there will be an exponential growth in this type of attack.
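For defenders, reflected SSDP traffic has a recognizable shape at the network edge: UDP packets with source port 1900 arriving from many devices at a host that never sent a discovery query. The sketch below is an added example, not NSFOCUS code; the flow-record tuple layout, the sample flows and the thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict

SSDP_PORT = 1900

# Constructed sample flows: (time_s, src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    # Legitimate discovery: a LAN client multicasts a query, the router answers.
    (1.0, "10.0.0.5", 50000, "239.255.255.250", 1900, "udp", 120),
    (1.2, "10.0.0.1", 1900, "10.0.0.5", 50000, "udp", 320),
    # Reflection: many devices answer a host that never sent a query.
    (2.0, "198.51.100.1", 1900, "203.0.113.10", 80, "udp", 3000),
    (2.1, "198.51.100.2", 1900, "203.0.113.10", 80, "udp", 3000),
    (2.2, "198.51.100.3", 1900, "203.0.113.10", 80, "udp", 3000),
    (2.3, "198.51.100.4", 1900, "203.0.113.10", 80, "udp", 3000),
    # Single stray response: below the alert thresholds.
    (3.0, "192.0.2.7", 1900, "10.0.0.9", 40000, "udp", 300),
    # Non-UDP traffic is ignored.
    (3.5, "192.0.2.8", 1900, "203.0.113.10", 443, "tcp", 9000),
]


def detect_ssdp_reflection(flows, window=5.0, min_reflectors=3, min_bytes=1000):
    """Return {target_ip: {"reflectors": n, "bytes": b}} for hosts that receive
    SSDP responses from several sources without having sent a recent query."""
    last_query = {}                           # client ip -> time of last SSDP query
    unsolicited = defaultdict(lambda: [set(), 0])
    for ts, src, sport, dst, dport, proto, size in sorted(flows):
        if proto != "udp":
            continue
        if dport == SSDP_PORT:                # outbound discovery request
            last_query[src] = ts
        elif sport == SSDP_PORT:              # response from an SSDP responder
            asked = last_query.get(dst)
            if asked is not None and ts - asked <= window:
                continue                      # answer to a request we observed
            unsolicited[dst][0].add(src)
            unsolicited[dst][1] += size
    return {
        ip: {"reflectors": len(srcs), "bytes": total}
        for ip, (srcs, total) in unsolicited.items()
        if len(srcs) >= min_reflectors and total >= min_bytes
    }


if __name__ == "__main__":
    print(detect_ssdp_reflection(FLOWS))
```

In production the thresholds would be tuned against baseline traffic, and the same unsolicited-response test applies to other UDP reflection vectors by changing the port.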

Today’s smart devices have a variety of vulnerabilities:

* We are all guilty of creating weak passwords. But like your PC, Mac or phone, any equipment that connects to the Internet must be password protected. While consumers are familiar with creating passwords for their phones and computers, accessing the interface to password-protect a router or webcam may not be quite as intuitive.
* Most people don’t program their home to automatically shut down when they leave, or go to sleep, so refrigerators, routers and webcams generally stay online 24 hours a day, seven days a week – meaning they are highly accessible.
* It’s the router’s job to provide your household with the relatively high bandwidth you need to stream movies, access the Internet and send email – making it attractive to hackers.
* Though federal standards bodies are investigating these types of attacks and developing recommendations, it is not up to the manufacturers to secure the consumer home network. Instead, this responsibility currently falls to the consumer.
* When was the last time you updated the firmware on your router? Most of us would say, “Never.” In fact, certain smart devices may never be upgraded after deployment. Bad actors take advantage of this fact.

Beating Back the Botnets

The industry is mustering forces to find ways to secure IoT devices, but in the interim, the battle against DDoS will continue to challenge enterprises and ISPs. At RSA 2015 in San Francisco, IDC analyst Chris Christiansen noted that with consumer devices, there is no money in security. He went on to say that as such, the security that is embedded in a consumer IoT device is minimal, which, he noted, will eventually lead to major privacy and future litigation issues, especially in Europe.

ISPs, hosting providers and enterprises alike need to think outside of the traditional security stack in order to prevent traffic-based attacks that lead to unavailable network infrastructure or congestion of available bandwidth.

It is important to not only defend against DDoS attacks on the transport layer, such as flood attacks related to SYN, SYN-ACK, ACK, FIN/RST, UDP, ICMP and IP Fragment, but also those targeting the application layer, such as HTTP GET/POST Flood, slow-rate attacks, DNS attacks, game service attacks and audio/video attacks. Furthermore, in terms of application scenarios, look for solutions that defeat DDoS attacks launched via a multitude of agent servers, like CDN and web application firewall (WAF) gateways.  

There is even a further step that some DDoS mitigation solutions take now. For instance, instead of relying solely on traditional fingerprint matching or similar methods, more evolved DDoS mitigation solutions also conduct behavior anomaly detection, which can then be filtered through an intelligent multi-layer identification and cleaning matrix. This consolidates the mechanisms of anti-spoofing, protocol stack behavior analysis, specific application protection, user-behaviour analysis, dynamic fingerprint identification, bandwidth control and so forth.

Regulatory bodies are hard at work trying to determine the best standards regarding the hijacking of networked devices. Meanwhile, malicious actors continue to assemble armies of such devices into botnets that take down networks. Enterprises and hosting providers need to act now to implement DDoS protection that can handle this new type of threat. To learn more about SSDP DDoS attacks, other DDoS attacks from 2H2014 and predicted potential threats for 2015, download the NSFOCUS DDoS Threat Report here:
