The first high-profile DDoS attack using IoT devices that got the attention of the mainstream media happened around Christmas 2013 and was used to interrupt the launch of a prominent game. This attack came from the LizardStresser botnet, consisting primarily of webcams and CPE routers.
In November 2016, the source code for the Mirai botnet was made public. Mirai is specially designed to infect and control IoT devices and contains the code necessary to manage and build large-scale botnets. Multiple new Mirai variants have been created each with more sophisticated capabilities.
Much has been written about the implications of all this, including the dire need for regulation of IoT devices and the future of Internet availability. While these debates and discussions are sure to continue for a long time, what can you do now, immediately, to secure your IoT devices and your network?
Mahmoud Samy, Regional Director, High Growth Markets (Russia/CIS & Middle East) at Arbor Networks shares the following approaches, which have proven to be successful time after time.
IF YOU HAVE OR USE IoT OR EMBEDDED DEVICES:
• Isolate your IoT devices from other services and the Internet. Why would IoT lightbulbs need Internet access?
• Find out if your printer needs Internet access. Almost all Chargen reflection DDoS attacks on the Internet use printers that have direct Internet access.
• Update the software and firmware on your devices. When did you last update the software on your DVR?
• Shut down unnecessary services on your devices. The majority of SSDP reflectors are home CPE routers where SSDP is enabled. Also, DNS reflection attacks often use unsecured CPE devices where DNS forwarding is enabled.
• Use devices from manufacturers with a proven record of building secure products, and hold them accountable for the security of their solutions.
• Monitor your outgoing bandwidth. Is the reason why your systems are sluggish related to system issues? Or is your WAN router busy launching DDoS attacks?
TAKE THE FOLLOWING STEPS TO PROTECT AGAINST DDoS ATTACKS:
• Implement best current practices for ingress filtering
• Isolate management plane traffic from data plane traffic
• Harden devices and shut down unneeded services
• Understand your traffic patterns and know what normal traffic looks like
• Implement layered DDoS mitigation solutions
IoT DEVICES (OR NETWORK-ENABLED DEVICES) ARE BASICALLY SPECIAL PURPOSE COMPUTERS THAT YOU CAN SECURE WITH THE SAME APPROACHES USED IN THE PAST:
• Secure the devices themselves. Harden them according to the manufacturers’ guidelines and best practices. Implement authentication and authorisation, and ensure that network management protocols are properly separated from data plane traffic.
• If the devices cannot be secured as explained above, isolate and segment them from the Internet and other devices. Also, control all device-to-device communication, making sure the devices cannot misbehave.
• Follow best practices for defending against DDoS attacks. Such practices have proven successful in the past and will continue to be successful if implemented properly.
• Seek help from your service provider or your peering partners. The attacks are getting bigger, and cooperation will be the key to success.
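The advice above to monitor outgoing bandwidth and to know what normal traffic looks like can be turned into a simple check on flow records: a LAN device that sends UDP from the Chargen (19), DNS (53) or SSDP (1900) service port to addresses outside the LAN is answering unsolicited requests from the Internet, which is exactly the reflector behaviour the article describes for printers and CPE routers. The following is an added example, not code from the article or from Arbor Networks; the flow records are constructed, the field layout and the 100 KB threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# UDP services named in the article as common DDoS reflectors (assumed port list)
REFLECTOR_PORTS = {19: "chargen", 53: "dns", 1900: "ssdp"}

# Constructed sample flow records (not real telemetry). Field order:
# src_ip, src_port, dst_ip, dst_port, proto, packets, bytes
SAMPLE_FLOWS = [
    # media player answering SSDP discovery inside the LAN: normal
    ("192.168.1.20", 1900, "192.168.1.30", 51234, "udp", 3, 900),
    # CPE router resolving DNS for an internal client: normal
    ("192.168.1.1", 53, "192.168.1.40", 40123, "udp", 1, 120),
    # CPE router sending SSDP replies to a public address: reflector behaviour
    ("192.168.1.1", 1900, "203.0.113.10", 80, "udp", 4000, 1_400_000),
    # network printer sending Chargen output to the Internet: reflector behaviour
    ("192.168.1.50", 19, "203.0.113.10", 443, "udp", 2500, 2_500_000),
    # laptop browsing the web over TCP: normal
    ("192.168.1.60", 55000, "198.51.100.5", 443, "tcp", 200, 80_000),
]

def is_internal(ip, lan_networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in lan_networks)

def find_reflectors(flows, lan_cidrs=("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12"),
                    min_bytes=100_000):
    """Return {internal_host: {service: (bytes, packets, distinct_external_dsts)}}
    for hosts sending UDP from a reflector service port to addresses outside the LAN."""
    lan = [ipaddress.ip_network(c) for c in lan_cidrs]
    acc = defaultdict(lambda: defaultdict(lambda: [0, 0, set()]))
    for src, sport, dst, _dport, proto, pkts, nbytes in flows:
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue
        if not is_internal(src, lan) or is_internal(dst, lan):
            continue  # only internal-to-Internet traffic indicates a reflector
        entry = acc[src][REFLECTOR_PORTS[sport]]
        entry[0] += nbytes
        entry[1] += pkts
        entry[2].add(dst)
    result = {}
    for host, svcs in acc.items():
        flagged = {svc: (b, p, len(d)) for svc, (b, p, d) in svcs.items() if b >= min_bytes}
        if flagged:
            result[host] = flagged
    return result

if __name__ == "__main__":
    for host, svcs in find_reflectors(SAMPLE_FLOWS).items():
        for svc, (b, p, n) in svcs.items():
            print(f"{host}: {svc} reflector, {b} bytes / {p} packets to {n} external host(s)")
```

On a real network the records would come from router NetFlow/sFlow or a firewall log export, and a flagged host is a candidate for the "shut down unnecessary services" and "isolate from the Internet" steps above.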