Remember when agent Teddy, who appears too smart to have the lower hand, turns out to have been manipulated by Dr Cawley in Shutter Island? The dynamic between IoT and DDoS attacks works in a similar way: the smarter IoT is, the more vulnerable it seems to be, which makes it a perfect target for DDoS attacks. It might sound illogical at first, but it comes down to the core concepts and the way DDoS attacks are conducted. Why do they make such a powerful match in favour of DDoS attacks? Let’s break it down.
What is IoT?
IoT stands for “Internet of Things”. Put another way, it refers to the kind of Internet that connects all other things and pulls them into one place. Technically, it’s a convenient and flexible platform that stores and analyzes information collected from other devices, turning that diverse information into one common language for the user. To make this work, sensors are embedded in a particular device (mobile phone, electrical appliance, traffic light, barcode sensor, etc.) and continuously emit data to the IoT platform about the working state of the device, so that users are able to keep track of the process and identify issues beforehand.
The IoT platform will then integrate that data, perform analytics and extract valuable information as the user requires. Finally, the results are shared back to the devices so that they can act on them, promoting better operations. IoT is an intelligent application in day-to-day life, as it gives humans free access to a giant library of information about our surroundings without wasting too much time looking things up.
What is DDoS?
DDoS, or Distributed Denial of Service attack, is the act of disrupting the normal traffic of a server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. It’s often conducted through botnets, collections of infected computers controlled by a master computer, to indirectly prevent legitimate users from accessing the victim. A DDoS attack is often periodic, rather than permanently destroying a web server.
The number of DDoS attacks is rising, as the cost of launching such an attack is disproportionate to the damage it causes. Therefore, DDoS attacks are profitable. Research by Incapsula found that a DDoS attack could cost a firm over $40,000/hour. During one of the biggest DDoS attacks on “KrebsOnSecurity.com”, it is reported that the two hackers responsible for the attack earned up to $600,000. Seeing the enormous profit to be made from launching DDoS attacks, many companies and individuals now provide DDoS-for-hire services in order to gain lucrative returns.
However, if we dive deeper into the matter and consider the surrounding environment, there is not one reason but two: the growing availability of DDoS-for-hire services, as stated, and the deployment of many smart yet poorly secured IoT devices.
Why do DDoS attacks target IoT devices?
IoT manufacturers, just like many other businesses, need to maintain a reasonable and acceptable price if they wish to increase their sales and make IoT an essential part of human life. To keep the price balanced, controlling manufacturing costs is of the utmost importance. Therefore, manufacturers must allocate their efforts and resources efficiently to the area that aligns most strongly with their main focus, which is often practicality rather than security.
In other words, because manufacturers want IoT to be smart, they decide to lower the security wall, leaving IoT vulnerable to such attacks. Besides, because IoT is still quite new on the market, it is full of insecurities, which weakens its defences and paves the way for DDoS attackers to manipulate it. However, what makes IoT a perfect companion to DDoS attacks is its ability to collect, receive and analyze information, send the analyzed data back to many other devices, and ask them to act according to its will. Going back to the essence of DDoS attacks, they rely on the capability to flood a web server using zombie computers (botnets), which means the more bots, the better the outcome for the attacker.
By hacking one single IoT platform, attackers can manipulate all the data stored within it, and the platform will automatically send the infected code to other devices, multiplying the number of bots in no time. In this way, both the IoT platform and the devices connected to it become part of malicious botnets and therefore contribute, directly and indirectly, to the execution of DDoS attacks, or even go so far as to magnify the impact of a DDoS attack on a given web server or service.
A good example of an IoT botnet used by attackers to facilitate DDoS attacks is the botnet that affected websites from Twitter, Spotify, CNN and The Guardian to Reddit on October 21, 2016. Attackers used malware named “Mirai” to infect IoT devices and created a huge botnet out of them. They first scanned for IoT systems with weak credentials (that is to say, most IoT devices have weak security and weak protection credentials). Mirai then broke into a wide range of IoT devices, from CCTVs to DVRs, to facilitate DDoS attacks, which later resulted in the mass collapse of reputable web servers. This proved the prevailing influence of DDoS attacks when combined with IoT.
What you should do
Although IoT is not the prime victim of DDoS, getting involved in DDoS attacks, even unintentionally, can pose a problem of trust and liability in court, so it’s better to identify potential threats and equip your IoT business with proper safeguards against DDoS attacks. Tactics should be applied to shut the door and keep DDoS attackers from infiltrating; for example, manufacturers may require users to change their passwords, or implement 2-factor authentication to strengthen IoT device connection protocols. Those are simple actions, but optimal and quite effective for business performance.
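As an added example (not code from the original article or from any vendor), here is one way a device could enforce the password-change requirement described above: remote login stays closed until the factory default has been replaced, and repeated wrong guesses lock the account. The class name, the placeholder default password, the 12-character minimum and the lockout threshold are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

FACTORY_PASSWORD = "admin"   # constructed placeholder for a shipped default
MAX_FAILURES = 5             # assumed lockout threshold


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so a dumped credential store is costly to crack.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class DeviceAccount:
    """Hypothetical login gate for an IoT device's admin account."""

    def __init__(self, username: str = "admin"):
        self.username = username
        self.salt = os.urandom(16)
        self.pw_hash = _hash(FACTORY_PASSWORD, self.salt)
        self.must_change = True   # factory state: default password still set
        self.failures = 0

    def change_password(self, old: str, new: str) -> bool:
        if not hmac.compare_digest(_hash(old, self.salt), self.pw_hash):
            return False
        # Reject the shipped default, the username, and short passwords.
        if new in (FACTORY_PASSWORD, self.username) or len(new) < 12:
            return False
        self.salt = os.urandom(16)
        self.pw_hash = _hash(new, self.salt)
        self.must_change = False
        self.failures = 0
        return True

    def login(self, password: str, remote: bool) -> str:
        # A real device would unlock after a delay or a local reset.
        if self.failures >= MAX_FAILURES:
            return "locked"
        if not hmac.compare_digest(_hash(password, self.salt), self.pw_hash):
            self.failures += 1
            return "denied"
        self.failures = 0
        # Remote access stays closed until the owner replaces the default.
        if remote and self.must_change:
            return "change-required"
        return "ok"
```

The gate covers only the password-change half of the advice; a second factor would be checked after the `"ok"` result.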
Another threat posed to both manufacturers and users is the penetration of DDoS attacks through a lack of Internet bandwidth limitation. Bots, like other Internet-connected devices, have full access to the Internet bandwidth, so they are able to direct malicious traffic at the victim through that bandwidth; the victims here are without doubt IoT devices without any bandwidth limitation. Hence, the suggested solutions are to limit bandwidth by default and to allow bandwidth changes only for authenticated users, controlled with a Root of Trust (RoT).
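The bandwidth advice above can be sketched as a token bucket whose cap changes only on an authenticated request. This is an added example, not code from the original article: the class, the default rate, the message format and the use of an HMAC key (assumed to be held by the device's root of trust) are illustrative assumptions.

```python
import hashlib
import hmac

DEFAULT_RATE = 64_000   # bytes/second; assumed factory default cap


def sign_rate_change(key: bytes, new_rate: int, counter: int) -> bytes:
    """What an authenticated owner's tool would compute (assumed format)."""
    msg = f"set-rate:{counter}:{new_rate}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class EgressLimiter:
    """Token-bucket cap on outbound traffic; hypothetical device component."""

    def __init__(self, device_key: bytes, rate: int = DEFAULT_RATE):
        self._key = device_key      # assumed to be held by the root of trust
        self.rate = rate
        self.tokens = float(rate)   # bucket holds at most one second of traffic
        self.last = 0.0
        self.counter = 0            # last accepted request counter (anti-replay)

    def allow(self, nbytes: int, now: float) -> bool:
        # Refill in proportion to elapsed time, then spend if enough remain.
        refill = (now - self.last) * self.rate
        self.tokens = min(self.rate, self.tokens + refill)
        self.last = now
        if nbytes > self.tokens:
            return False
        self.tokens -= nbytes
        return True

    def set_rate(self, new_rate: int, counter: int, tag: bytes) -> bool:
        # Accept a new cap only with a valid MAC and a fresh counter.
        expected = sign_rate_change(self._key, new_rate, counter)
        if counter <= self.counter:
            return False
        if not hmac.compare_digest(tag, expected):
            return False
        self.rate, self.counter = new_rate, counter
        self.tokens = min(self.tokens, new_rate)
        return True
```

With the default cap in place, a compromised device can add at most `DEFAULT_RATE` bytes per second to a flood, and code that does not hold the key cannot raise that cap.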
This philosophy can also be applied by web server hosts to resist the combination of IoT and DDoS attacks and improve customers’ experience. More research on the types of DDoS attacks should be done to arrive at a solution that suits the company’s performance, but some usable tactics might include using a Content Delivery Network, using DNS providers, applying cloud-operated firewall protection for further website protection, and allocating resources to identify sensitive parts of an application beforehand and temporarily block them from the server.
Fighting against DDoS attacks is not an easy game, especially with the participation of IoT. Preventing such attacks may raise problems of strategy and resources, but a touch of first-hand preparation is never a waste.
Copyrighted by OutsourcingITVN