The Internet of Things (IoT) is a conversation that has been gathering momentum in the public space for the past five years or so, even though the concept has been around for a few decades. And yet, in this brand-new world of science fiction coming to life, threats also lurk.
So says Arbor Networks’ Territory Manager for sub-Saharan Africa, Bryan Hamman. He says, “Obviously, people are excited when they think about the possibilities brought about by a world in which objects can be sensed or controlled remotely across existing network infrastructures. Never mind smartphones – the biggest consumer electronic companies in the world are competing with each other to launch ‘smart fridges’ as just one of an array of connected devices in the home of the future.
“These connected home devices create opportunities for even more integration of the physical world into computer-based systems, and the intention is that they will allow for improved efficiencies and a reduced need for human intervention – think of your smart fridge telling you when you need to throw away your expired milk, for example. At the same time, though, the IoT brings massive opportunities for criminals to use this increasingly connected world for their own commercial gain.”
Hamman notes that while the IoT brings the promise of efficiency and innovation to both homes and businesses, it also significantly expands the threat surface, allowing malware to make IoT devices part of a botnet army – a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge.
He says, “A botnet army grows by continuing to spread its malware to new devices. When a botnet army reaches a certain size, it becomes a revenue-generating platform for its creators by launching distributed denial of service (DDoS) attacks on networks. The attacks will be turned off and the network allowed to function normally again, in return for a ransom paid in Bitcoin payments.”
IoT devices are vulnerable to DDoS botnets for a number of reasons. For example, attackers are able to exploit a manufacturer’s reuse of default passwords across device classes. In addition, most IoT devices have access to the Internet without any bandwidth limitations or filtering, while their pared-down operating systems and processing power leave less room for security features – which is why most security compromises go unnoticed.
Hamman says that Arbor advises enterprises, Internet service providers (ISPs) and managed security service providers (MSSPs) to defend against DDoS attacks by implementing best current practices for DDoS defence, as follows:
• Reducing the network’s surface of vulnerability.
• Ensuring complete visibility over all network traffic to detect DDoS attacks.
• Ensuring sufficient DDoS mitigation capacity and capabilities, both on-premise and in the cloud.
• Having a DDoS defence response plan, which is kept updated and rehearsed on a regular basis.
• ISP and MSSP network operators should actively participate in the global operational community, so that they can provide assistance when other network operators come under high-volume DDoS attacks, and in turn request mitigation assistance when in need.
• ISP and MSSP network operators should also take into account the baseline load of their normal Internet traffic. This is very important when determining which DDoS defence mechanisms and methodologies to use if under attack.
Hamman concludes, “Today, broadband Internet is more widely available and more devices are being created with Wi-Fi capabilities and sensors built into them, while smartphones, at least in First World countries, are becoming the norm rather than the exception. This all means that the IoT phenomenon is simply gathering pace, day by day and hour by hour. It is more important than ever to remember that your connected devices are now a part of your network and as such, need the same security considerations to be applied.”