Within the world of digital security, there is a constant arms race between hackers attempting to find and leverage vulnerabilities, and security specialists attempting to plug the holes.
Naturally, this sort of field spawns innovation after innovation. But the most notable innovation recently is the ability of hackers to take over IoT (Internet of Things) devices and use them to perpetrate DDoS (Distributed Denial of Service) attacks.
This is a development security experts have been warning about for years, but it has been overlooked by the general public, because to comprehend why it matters you have to understand all the pieces of the puzzle.
How Botnets Work — And Spread
In an old-fashioned DoS (Denial of Service) attack, one machine, or perhaps one network, would target another machine or network and, using a small handful of techniques, attempt to flood it with data until it slowed to a crawl or crashed. If you were quick, you could determine the source of the attack, block the IP address sending the malicious traffic, and all would be well. The attack would stop because its single source had been blocked.
Naturally, enterprising hackers searched for a way around this, and they found it in Distributed Denial of Service attacks.
What this meant is that, instead of attacking from a single computer, the hacker would instruct many machines, all under the attacker's control, to attack simultaneously. When the target network received malicious traffic from so many different computers, it could no longer distinguish legitimate traffic from malicious, and in any case there were too many sources to block them all before the system ground to a halt.
How did these computers come to be under the control of the hacker? At some point they had become infected by botnet malware, a small program that lies dormant until it receives a command to attack. These infected computers are sometimes known as bots, or 'zombie' devices. Collectively, they are called a 'botnet.' Botnets are now the most popular method of launching DDoS attacks, and they have a new trick, too.
Botnets Aren’t Just Computers Anymore
It used to be the only thing that connected to the internet was a desktop computer. And in the days of dialup, they weren’t always connected, either. So the number of infected devices was somewhat limited.
Now, think about the number of devices you interact with that connect to the internet, either through wifi or cellular networks. Your phone, of course. Nest thermostat? For sure. TV? Most likely. Not to mention your gaming devices, tablets, and even your wearables. Even the onboard computer in your car!
Add webcams, security cameras, printers, medical devices, personal scales and much more. Current estimates put the number of IoT devices connected to the Internet between 7 and 19 billion, according to Kaspersky Labs.
Each of these devices connects to the internet, and most share a very common security weakness: they ship with a factory default username and password.
Of course, that's not the only security vulnerability in the IoT. However, it's the one exploited by 2016's most notorious botnet, Mirai. Mirai's source code was released on the dark web in September 2016, and only a month later it was responsible for several of the largest DDoS attacks to date.
Any of these billions of Internet-connected devices can be commanded to attack once they are infected. In most cases, users will never know their devices are infected at all, which puts all the onus on defenders.
How to Defend Against Botnets
The best defense against these DDoS attacks is to put in place rules that automatically reroute or block unwanted traffic. The trick, of course, is distinguishing malicious traffic from legitimate, but it's a worthwhile exercise nevertheless. Firewalls are your best friend.
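As an added illustration of the DoS-versus-DDoS distinction and the "block the source IP" defense described above (example code written for this page, not from the original article), this Python snippet buckets constructed connection-log lines into 10-second windows and reports whether a flood comes from a few addresses a firewall can block, or from many low-rate sources where per-IP blocking no longer helps. The log format, the TEST-NET addresses and the thresholds are all assumptions.

```python
from collections import Counter, defaultdict

# Constructed log lines of the form "<epoch_seconds> <source_ip>" (not real traffic).
# Scenario A: three normal clients plus one host flooding from a single address.
SINGLE_SOURCE_LOG = (
    [f"{1000 + i % 10} 198.51.100.{1 + i % 3}" for i in range(6)]
    + [f"{1000 + i % 10} 203.0.113.7" for i in range(60)]
)
# Scenario B: sixty bots, each sending only two requests inside the same 10-second window.
DISTRIBUTED_LOG = [f"{1000 + i % 10} 203.0.113.{1 + i % 60}" for i in range(120)]


def parse_log(lines):
    """Parse "<epoch_seconds> <source_ip>" lines into (second, ip) tuples."""
    events = []
    for line in lines:
        ts, ip = line.split()
        events.append((int(ts), ip))
    return events


def busiest_window(events, window=10):
    """Bucket events into fixed windows and return per-IP counts for the busiest one."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts // window][ip] += 1
    return max(buckets.values(), key=lambda c: sum(c.values()), default=Counter())


def classify(events, window=10, per_ip_limit=20, total_limit=100, min_sources=25):
    """Decide whether the busiest window looks normal, single-source, or distributed."""
    counts = busiest_window(events, window)
    total = sum(counts.values())
    # Addresses exceeding the per-IP limit: a firewall block list handles these.
    offenders = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
    if offenders:
        verdict = "single-source"
    elif total > total_limit and len(counts) >= min_sources:
        # Heavy aggregate load spread over many quiet sources: per-IP blocking
        # cannot catch it, so aggregate rate limiting or upstream mitigation is needed.
        verdict = "distributed"
    else:
        verdict = "normal"
    return {"verdict": verdict, "block": offenders, "total": total, "sources": len(counts)}


if __name__ == "__main__":
    for name, log in (("single-source", SINGLE_SOURCE_LOG), ("distributed", DISTRIBUTED_LOG)):
        print(name, classify(parse_log(log)))
```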
There are also DDoS mitigation services, but there are a few problems with relying on them. In the first place, the botnet attacks can grow so large that even such services cannot defend against them.
In the second place, DDoS attacks are increasingly targeting infrastructure, such as DNS providers. An attack on Dyn last fall took down dozens of large sites and services, including Amazon, PayPal, and GitHub. To get around this, you'll need fallback services in place.
To protect your company against these attacks, you’ll want experienced help. Ask us about our data security offerings, many of which are offered as part of our CloudDirect Suite.