Page 8 - Cyber Warnings
concerning, to be recruited as a bot in an army to be used in DDoS attacks against
unsuspecting victims. Botnets, also known as “zombie armies,” can be deployed on thousands,
if not millions, of connected devices and can wreak havoc: they can send spam, spread malware
or launch DDoS attacks.
Commonly used DDoS toolkits abuse internet services and protocols that are available on open
or vulnerable servers and devices to create a class of attacks, known as amplification DDoS
attacks, that are virtually impossible to trace back to the originating attacker.
This raises serious concerns that the sheer number of devices in the IoT represents a totally
new type of attack surface that could become wildly out of control in very short order.
There is really no limit to the potential size and scale of future botnet-driven DDoS attacks,
particularly when they harness the full range of smart devices incorporated into our IoT.
By using amplification techniques on the millions of very high bandwidth capable devices
currently accessible, such as baby video monitors and security cameras, DDoS attacks are set
to become even more colossal in scale.
The bottom line is that attacks of this size can take virtually any company offline – a reality that
anyone with an online presence must be prepared to defend against. And it isn’t just the giant
attacks that organizations need to worry about.
Before botnets are mobilized, hackers need to make sure that their techniques are going to
work. This is usually done through the use of small, sub-saturating attacks, which most IT teams
wouldn’t even recognize as a DDoS attack.
Due to their size – the majority are less than five minutes in duration and under 1 Gbps – these
shorter attacks typically evade detection by most legacy, out-of-band DDoS mitigation tools,
which are generally configured with detection thresholds that ignore this level of activity.
This allows hackers to perfect their attack techniques, while remaining under the radar, leaving
security teams blindsided by subsequent attacks. If these techniques are then deployed at full
scale with a botnet, the results can be devastating.
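An added example, not from the original article: a minimal Python comparison of a fixed-threshold rule (1 Gbps sustained for five minutes, mirroring the figures above) with a check against a rolling baseline. The traffic samples, the 30-second sampling interval, and the window and k parameters are assumptions constructed for illustration.

```python
from statistics import median

INTERVAL_S = 30  # seconds per sample (assumption for this example)

# Constructed data, not from a real network: about 200 Mbps of normal
# load, with a 3-minute burst to about 700 Mbps in samples 24-29.
SAMPLE_MBPS = ([200, 210, 195, 205, 198, 202, 207, 193] * 3
               + [690, 710, 705, 698, 702, 695]
               + [201, 199, 204, 196, 203, 208])

def runs(flags, min_len):
    """Return (start, end) index pairs for runs of True at least min_len long."""
    out, start = [], None
    for i, flagged in enumerate(list(flags) + [False]):
        if flagged and start is None:
            start = i
        elif not flagged and start is not None:
            if i - start >= min_len:
                out.append((start, i - 1))
            start = None
    return out

def static_alerts(samples, threshold_mbps=1000, min_len=10):
    """Fixed-threshold rule: above 1 Gbps for 10 samples (5 minutes)."""
    return runs([s > threshold_mbps for s in samples], min_len)

def baseline_alerts(samples, window=16, k=8.0, min_len=2):
    """Flag samples far above the median of recent unflagged traffic."""
    clean, flags = [], []
    for s in samples:
        recent = clean[-window:]
        if len(recent) < window:
            flags.append(False)      # still learning the baseline
            clean.append(s)
            continue
        med = median(recent)
        # Median absolute deviation; fall back to 1.0 if traffic is flat.
        mad = median(abs(x - med) for x in recent) or 1.0
        hit = s > med + k * mad
        flags.append(hit)
        if not hit:
            clean.append(s)          # keep burst samples out of the baseline
    return runs(flags, min_len)

if __name__ == "__main__":
    print("fixed threshold:", static_alerts(SAMPLE_MBPS))
    print("rolling baseline:", baseline_alerts(SAMPLE_MBPS))
```

The fixed rule stays silent on the constructed burst because it never reaches 1 Gbps or lasts five minutes, while the baseline check reports it as a single run.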
Preventing and mitigating the exploitation of the IoT is going to take quite a concerted effort.
Device manufacturers, firmware and software developers need to build strong security into the
devices. Installers and administrators need to change default passwords and update and patch
systems – if this is even possible – when vulnerabilities do arise.
Organizations must also be better equipped to deal with the inevitable DDoS attack. An
organization’s security posture is only as good as its ability to visualize the security events in
the environment.
A robust modern DDoS solution will provide both instantaneous visibility into DDoS events as
well as long-term trend analysis to identify adaptations in the DDoS landscape and deliver
corresponding proactive detection and mitigation techniques.
8 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide