DVD Recorders used in DDoS attacks
One of the more interesting findings following the Distributed Denial of Service (DDoS) attack aimed at the Akamai/Prolexic-hosted KrebsOnSecurity.com website was that hacked Internet of Things (IoT) devices common in the Smart Home were used in the attack. Devices such as Internet-connected DVD Recorders, webcams and routers were used as part of the botnet, a group of internet-connected devices taken over without their owners’ knowledge. According to Akamai, the attack was ‘nearly double the size of the largest attack they’d seen previously, and was among the biggest assaults the Internet has ever witnessed.’
“Someone has a botnet with capabilities we haven’t seen before,” revealed Martin McKeay, Akamai’s senior security advocate. “We looked at the traffic coming from the attacking systems, and they weren’t just from one region of the world or from a small subset of networks — they were everywhere.”
More about botnets
One of the most powerful ways to pursue any computationally challenging task is to leverage the untapped processing power of a very large number of everyday devices. This is the idea behind the modern botnet: a collection of compromised computers and servers distributed over the public Internet, which jointly serve the agenda of a malicious or criminal entity.
Once infected with malware, which can happen in a variety of ways, these compromised systems (“bots”) typically link back to a command and control (C&C) server and wait for instructions. The botnet can then be used for tasks ranging from distributed denial of service (DDoS) attacks to collecting sensitive data, which can lead to identity theft and fraud.
The biggest DDoS attack ever?
Whilst the Krebs on Security DDoS attack last Tuesday was very big, with 363Gbps of data being thrown at the site, OVH – a French-headquartered internet service provider – trumped these figures just a few days later. The DDoS attack OVH experienced on Thursday peaked at over 1.1Tbps, almost times larger than that on Krebs.
Your smart home is both a target and an accessory
Your smart home is packed full of IoT devices. From broadband routers, smart TVs and IP webcams to Internet-connected thermostats and refrigerators, each has an operating system, RAM etc., just like the desktop computers that botnets were traditionally made up of. Counted all together, the untapped processing power of a global botnet made up of IoT devices can be huge. When you consider that these devices are usually only ‘protected’ with weak or hard-coded passwords, and are not usually placed behind any security infrastructure in the average family home, it makes a lot of sense for attackers to target your home in this way.
With the Internet of Things still in its infancy, it’s a safe bet to expect threats from IoT botnets to continue to grow exponentially in the same way that the number of connected devices does.
Infosec Partners can help
Concerned that your organisation isn’t prepared for a DDoS attack, or worried that your Internet-connected devices at home might have been breached? We can help. From stress testing significant organisations’ security strategy and resilience to attacks including DDoS, to securing exclusive estates using full home-automation and IoT technologies, Infosec Partners are proven experts in full-spectrum cybersecurity and a team you can trust.
For your free consultation, complete the adjacent form or, to speak with a trusted advisor immediately, call us on +44 (0)1256 893662.
Did you know? Infosec Partners are the only full-spectrum security experts accredited to implement, manage and troubleshoot the top three home-automation vendors (Crestron, Control4 and Savant), and the first ever to integrate these with security from leading security vendors including Fortinet, which named Infosec Partners its first ever UK Partner of Excellence.
UPDATE. 25 October 2016
There’s no end in sight to this escalating trend of IoT devices being used for DDoS attacks, as shown by the attack on Dyn last Friday, 21st October, which took down web services including Amazon, Twitter, Spotify and Netflix. Dyn provides DNS services amongst other things, one of the backbone services of the internet.
Bruce Schneier, the Godfather/Nostradamus of Cybersecurity, predicted as much when he wrote the following on lawfareblog.com:
“Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet.
“If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS).
“One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.”
At the time of writing, IBM has apologized to Australia and is compensating the country for its part in the “malicious” cyberattack on the 9th of August that shut down a national census. The five-yearly Aug. 9 household survey by the Australian Bureau of Statistics (ABS) went offline that day after four distributed denial of service (DDoS) attacks caused the website to be overwhelmed with traffic. IBM points the finger at the poor DDoS defences of two ISPs, Nextgen Networks and their subcontractor ISP Vocus Communications.
“We had repeated assurances from the ISP that the appropriate protocol was in place,” Kerry Purcell (IBM Australia and New Zealand managing director) told a Senate inquiry.