Don’t be a partner in crime: Secure your IoT

Suba Pandian
3 min read · Nov 2, 2016

Friday morning, Oct 21, 2016, wasn’t really the time to veg out in front of the TV, especially after a night-long journey. I was taking it easy, binge-watching one of my favourite Netflix shows, when I got interrupted! For a moment it made me wonder whether this was nature’s way of telling me to get off the screen and get some real rest. Later I learned that it was a massive cyber attack and that I was one of its many victims.

Dyn, a company that controls much of the Internet’s domain name system (DNS), was attacked by the Mirai botnet: its DNS servers were flooded with so much traffic that they became unreachable, leaving Netflix, Reddit and Twitter unresolvable. Traffic from several million IP addresses arrived in at least three massive waves, overwhelming Dyn’s systems and taking them down. This bad trend looks to be growing really fast.

Usually a DDoS attack happens when a computer is infected with malware and starts sending a huge volume of traffic to the server being targeted. What made this one interesting is that the botnet behind it was largely made up of ordinary IoT devices such as IP cameras and DVRs. And of course there are a great many of them.

A piece of malware takes control of a device’s socket/port exposed on the Internet and commands it to send traffic to the targeted server. The malware gains control not through Birkhoff-level hacking ability but simply by logging in with unchanged default passwords. This is just the beginning of an era in which IoT devices are used to launch attacks, if we keep up the same level of laziness in our password management to begin with.

IoT devices are everywhere, we hardly notice that they are part of our network, and the software they run may not be standardized. Anything with an IP address is an attack vector.

What can we do about it with the security tools we already have?

We always set up our security systems to avoid becoming a victim, but we have not paid attention to the fact that our own devices can be used as a partner in crime.

We already invest in security tools, from endpoint security to network security, but we may leave those little IP surveillance cameras and similar devices outside their protection perimeter. As a first step, let’s bring them inside the perimeter of the current security infrastructure, such as firewalls, to enforce policies and mitigate threats not just for the servers but for the other Internet-connected things as well. We should also consider investing in advanced persistent threat detection systems and security information and event management (SIEM) that can inform IT staff about security issues and provide automated mitigation. The solution should include active monitoring of IoT endpoints. Attacks such as DDoS could have been averted even with simple firewall policies, but the one important thing we missed is visibility into all our network assets, so that we can identify the silent attackers. We need it not just to protect against corporate data theft but also to prevent our resources from being used by attackers.
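The two earlier points, bots being recruited through exposed remote-admin ports with default passwords and compromised devices then pushing flood traffic outwards, are both visible in firewall flow logs once the IoT devices sit inside the monitored perimeter. The script below is an added example, not code from the original post, showing what that monitoring can look like: it reads constructed flow records against a constructed asset inventory and raises three kinds of alert (inbound remote-admin connections from the Internet, internal hosts missing from the inventory, and one internal host sending an unusual volume to a single external address). The log format, IP addresses (documentation ranges), device names and the byte threshold are all assumptions made for the illustration.

```python
"""Flag internal devices that look like they are being recruited into, or are
already taking part in, a DDoS botnet, using firewall flow logs.

Added example, not code from the original post. The flow-log format, the asset
inventory, the IP addresses and the thresholds are constructed for illustration.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List, NamedTuple, Tuple

# Constructed asset inventory: the camera and the DVR are the kind of devices
# the post says usually sit outside the protection perimeter.
INVENTORY: Dict[str, str] = {
    "10.0.5.21": "lobby-ip-camera",
    "10.0.5.22": "parking-dvr",
    "10.0.1.10": "file-server",
}
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Telnet/SSH: the services Mirai-style malware logs in to with default passwords.
REMOTE_ADMIN_PORTS = {22, 23, 2323}

# Bytes one internal host may send to one external destination within the log
# window before we call it suspicious; tune to the site's normal traffic.
EGRESS_ALERT_BYTES = 100_000_000

# Constructed flow records: "epoch src_ip src_port dst_ip dst_port proto bytes"
SAMPLE_FLOWS = """\
1477053600 203.0.113.9 51234 10.0.5.21 23 tcp 640
1477053601 10.0.5.21 23 203.0.113.9 51234 tcp 1200
1477053605 10.0.5.22 40001 198.51.100.7 80 tcp 90000000
1477053606 10.0.5.22 40002 198.51.100.7 80 tcp 85000000
1477053607 10.0.1.10 40003 198.51.100.7 443 tcp 1500
1477053608 10.0.5.21 40010 198.51.100.7 53 udp 120000000
1477053609 10.0.7.99 40011 198.51.100.7 80 tcp 200
"""


class Flow(NamedTuple):
    ts: int
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    nbytes: int


def is_internal(ip: str) -> bool:
    """True when the address belongs to one of our own networks."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str) -> List[Flow]:
    """Parse the whitespace-separated flow lines into Flow records."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport, proto, nbytes = line.split()
        flows.append(Flow(int(ts), src, int(sport), dst, int(dport), proto, int(nbytes)))
    return flows


def detect(flows: List[Flow]) -> List[Tuple[str, str, str]]:
    """Return (rule, internal_ip, detail) alerts, sorted for stable output."""
    alerts = set()
    egress: Dict[Tuple[str, str], int] = defaultdict(int)

    for f in flows:
        # Rule 1: a remote-admin port on an internal device reached from outside;
        # this is the path by which default-password devices get recruited.
        if is_internal(f.dst) and not is_internal(f.src) and f.dport in REMOTE_ADMIN_PORTS:
            alerts.add(("inbound-remote-admin", f.dst, f"port {f.dport} from {f.src}"))

        if is_internal(f.src) and not is_internal(f.dst):
            # Rule 2: an internal host nobody inventoried is talking to the
            # Internet; the visibility gap the post describes.
            if f.src not in INVENTORY:
                alerts.add(("unknown-asset", f.src, f"not in inventory, talking to {f.dst}"))
            # Bookkeeping for rule 3: total outbound bytes per (host, destination).
            egress[(f.src, f.dst)] += f.nbytes

    # Rule 3: one internal host pushing an unusual volume at one external
    # address, the signature of a device taking part in a DDoS.
    for (src, dst), total in egress.items():
        if total >= EGRESS_ALERT_BYTES:
            name = INVENTORY.get(src, "unknown")
            alerts.add(("egress-flood", src, f"{name} sent {total} bytes to {dst}"))

    return sorted(alerts)


if __name__ == "__main__":
    for rule, host, detail in detect(parse_flows(SAMPLE_FLOWS)):
        print(f"{rule:22} {host:12} {detail}")
```

Run against the sample, the camera is flagged twice (a telnet connection from outside, then 120 MB pushed at one external address), the DVR once for its 175 MB of aggregated outbound traffic, and 10.0.7.99 once for not being in the inventory; the file server's 1500 bytes to the same destination stays quiet. In a real deployment the flows would come from the firewall or a flow collector feeding the SIEM, and the threshold would be set from a baseline of each device's normal traffic rather than a fixed number.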

By failing to detect potential threats early, organizations put their reputation and their valued customers’ finances at risk, and increase their chances of being sued by DDoS victims citing gross negligence in keeping their Internet-connected infrastructure secure.
