Internet of Things Security news doesn’t often break into the “mainstream” news media, but it is becoming more and more common now. And that’s not a good thing, because it means cybercriminals are becoming bolder and more successful.
The most recent incident that led to headline news occurred last Friday (Oct. 21), when a DDoS (distributed denial of service) attack on the Internet infrastructure company Dyn brought down or slowed access to many popular websites, including Twitter, Netflix, Reddit, and many more.
If you follow the cyber security industry at all, you have probably heard about another botnet DDoS attack that happened just a few weeks before on the KrebsOnSecurity.com website. Brian Krebs is the owner of the site and a well-known cyber security expert. The attack was clearly an act of revenge by cybercrooks who don’t like his advocacy against them.
Large Number of Hacked IoT Devices
Krebs wrote after the attack, “There are some indications that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called ‘Internet of Things,’ (IoT) devices — routers, IP cameras, and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords.”
The Krebs attacker(s) then posted Mirai, the malware believed responsible for the DDoS attack, on a dark web forum so that more cybercriminals could make use of it. So it should have come as no surprise when another large DDoS struck last week.
Why are IoT Devices being used in Attacks?
IoT devices are targeted and enslaved because they are very vulnerable and are always connected. Furthermore, IoT devices such as the DVRs, cameras, and IoT gateways used in these attacks have enough hardware capability to be exploited for DDoS assaults. IoT devices also often come with generic, unchanged default passwords, have no on-device security protection, and stay invisible inside most organizations. To make matters worse, existing enterprise IT security products, such as firewalls and sandboxing, fail to discover and secure the connected IoT devices. As a result, hackers can easily bypass existing IT security and take control of the IoT devices.
Once hackers have command of IoT devices, they can actually do more than just use them to launch DDoS attacks. The IoT devices essentially become the backdoor for the hackers to get inside the enterprise. Hackers can then use the controlled IoT devices to exploit the enterprise itself, by stealing sensitive information, or even conducting a ransomware attack. Another issue is disruption to your company’s productivity because bandwidth is being used as part of the attack and not for business activities.
What Can We do to Improve the Situation?
Organizations should start securing all the IoT devices on their networks as soon as possible to make both themselves and the Internet safer. Clearly, we don’t have to tell anyone these days how serious cyber threats are and what terrible damage successful attacks can cause.
Strong IoT security begins with gaining complete visibility of the IoT devices inside an organization. However, as I wrote in my previous blog, “One of the most fundamental and challenging questions is how to get IoT visibility.” Because of their unique nature, IoT devices demand a different kind of defense from what traditional IT security solutions provide. (Check out my October 12 blog to learn more about new IoT security solutions.)
Are your IoT Devices in a Botnet?
If your answer to the question above is “I don’t know,” you need to take action immediately. Even if your company is not directly impacted by a DDoS attack, your IoT devices could be part of the botnet that’s doing the dirty work of aiding and abetting cybercriminals. If your IoT devices are in a botnet, you definitely want to remove them.
ZingBox can help you discover if your IoT devices are part of a botnet. Please contact us about getting a free assessment of your network now.
This blog is the 1st in a series of blogs on DDoS attacks.